Resolved Upcoming Server Move

Status
Not open for further replies.
I've added a lower strength cipher that lets IE8/XP connect. It also has the side effect of downgrading the encryption used for IE7/Vista and a couple of other things but if you're using a modern browser then there's no difference.
 
af123 said:
Getting ready for the move I've now got a fully working copy of the forum up on the new server (albeit a bit pinkish so I don't get them mixed up), replacing the temporary "connection successful" page. If you can get to it then your connection is working.
Click to expand...
I quite like the new colour :thumbsup:
 
You should have been a fly on the wall when I saw the first edition!

Another forum I use has user-selectable skins. Just saying.
 
I'm curious about why ECE is "much faster" than RSA, I don't understand why it should be more compute-efficient - although I seem to recall that it needs a shorter key length for a similar strength. I was on the edge of projects involving government-strength encryption about 10 years ago, using ECE and key sets issued by GCHQ. Doing a comparative study of encryption systems has been on my to-do list (for my own personal satisfaction) for some time, I was intrigued by RSA when I first saw details in Scientific American in the 70's.

AFAIK, these high-strength (compute-intensive) public key encryption schemes are only used to set up a one-time pad for the remainder of the session, so whichever scheme is used it's only a relatively small overhead at the start of the exchange.
 
Trev said:
Is anyone using the site actually using the IE8/XP combination. If so, they should be upgrading to something less outdated anyway.
Click to expand...
Yes, they definitely should upgrade. It's been a while since MS stopped issuing patches for XP (even with the 'pretend I'm a till' workaround).
However at least one user (EEPhil) has posted here that the combination doesn't work with the test site and I'm not aiming to cut anyone off with the move.
 
Black Hole said:
I'm curious about why ECE is "much faster" than RSA, I don't understand why it should be more compute-efficient - although I seem to recall that it needs a shorter key length for a similar strength.
Click to expand...
I don't claim to understand the maths but I think that's a large part of it. With EC, you can use a 256-bit private key and that's considered as strong as a 3072-bit RSA key. I didn't benchmark that comparison but I did compare ECDSA/256 with RSA/2048 and an EC handshake is 9.5x faster on the new server. Given the sheer number of parallel connections that modern browsers make, that initial handshake speed can be important (although that's mitigated somewhat by session caching and the use of HTTP/2).
Some best practice guides out there are now saying that RSA/2048-bit keys have had their day and people should be moving to RSA/4096 on the web which would be about 6x slower.

This is from Qualys' best practice guide @ https://www.ssllabs.com/projects/best-practices/index.html
For most web sites, security provided by 2,048-bit RSA keys is sufficient. The RSA public key algorithm is widely supported, which makes keys of this type a safe default choice. At 2,048 bits, such keys provide about 112 bits of security. If you want more security than this, note that RSA keys don't scale very well. To get 128 bits of security, you need 3,072-bit RSA keys, which are noticeably slower. ECDSA keys provide an alternative that offers better security and better performance. At 256 bits, ECDSA keys provide 128 bits of security. A small number of older clients don't support ECDSA, but modern clients do. It's possible to get the best of both worlds and deploy with RSA and ECDSA keys simultaneously if you don't mind the overhead of managing such a setup.
Click to expand...

It's good that hummy.tv uses encryption; among other things it means that usernames and passwords aren't transmitted in the clear. It also allows it to work with Tapatalk on IOS since Apple no longer accept applications into their store that communicate with anything over plain HTTP - a sign of the way the world is going.
 
Black Hole said:
AF posted his quick test on Thursday, to check there were no glaring problems with the server stuff. It's due to go live on Monday - do you think he's not busy building it up?
Click to expand...

I appreciate that he is busy doing that, I just didn't get the screen I expected from the descriptions given, so queried if there had been a change. The change may well be part of loading the data in preparation for going live. I just hadn't seen a note in this thread that I would get anything other than the page showing the encryption used.
 
Trev said:
Is anyone using the site actually using the IE8/XP combination. If so, they should be upgrading to something less outdated anyway.
Click to expand...
That would be me.
Some of us come under Mrs May's "JAM" description and try to make do and mend! (Old laptop still [just about] working, 4:3 crt tv -working...)
Could use Firefox, but it hogs more memory that IE8.
 
af123 said:
I've added a lower strength cipher that lets IE8/XP connect. It also has the side effect of downgrading the encryption used for IE7/Vista and a couple of other things but if you're using a modern browser then there's no difference.
Click to expand...
Thanks.
IE8 now gives the "board closed" page.
 
Back up and running now I see. :)

Is the site now going to be Ad rather than donation funded? I ask because I now get a warning when I log in saying my Ad blocker is enabled etc...
 
Wallace said:
Back up and running now I see. :)
Click to expand...
Yes, it was down for less than an hour. Only a couple of unexpected problems along the way.

Is the site now going to be Ad rather than donation funded? I ask because I now get a warning when I log in saying my Ad blocker is enabled etc...
Click to expand...

It always was to a certain extent. Any Ad revenue will help pay for things and reduce the requirement for donations.
I've placed the adverts so that they don't really interfere with the site (one at the bottom of most pages and one in the right sidebar when viewing forums, posts) - believe it or not there's one ad placement option for putting it between sticky threads and the rest!

It's entirely your choice; you can dismiss the warning about your ad blocker or turn it off for this site.
Even just allowing ads to be displayed raises some funds.
 
af123 said:
Yes, it was down for less than an hour. Only a couple of unexpected problems along the way.



It always was to a certain extent. Any Ad revenue will help pay for things and reduce the requirement for donations.
I've placed the adverts so that they don't really interfere with the site (one at the bottom of most pages and one in the right sidebar when viewing forums, posts) - believe it or not there's one ad placement option for putting it between sticky threads and the rest!

It's entirely your choice; you can dismiss the warning about your ad blocker or turn it off for this site.
Even just allowing ads to be displayed raises some funds.
Click to expand...

I have no problems turning my Ad Blocker off for this site. Once I figure out how to whitelist it, lol.

As you know, I am not adverse to donating here.
 
Status
Not open for further replies.
Back
Top