My Web server supports TLSv1.3 now.

TLSv1.3   Apache 2.4.37 from Apache Lounge supported TLSv1.3, so I enabled TLSv1.3 on my Web server which runs on Windows7 HP SP1 32-bit. I only changed from SSLProtocol -all +TLSv1.2 to SSLProtocol -all +TLSv1.2 +TLSv1.3. I did nothing about SSLCipherSuite Directive because the SSL_CTX_set_cipher_list page says ‘An empty list is permissible’.
The default value for the this setting is: “TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256”

   Here is the results before and after of SSL Labs Server Test.

Doing CHACHA and Brotli with Apache 2.4 on Windows.

Update information      Edit(May 2)

   Last October, I wrote “CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet“. On April 19, Steffen announced Apache 2.4.26-Dev available with Openssl 1.1.0e VC14. So, we can use CHACHA20_POLY1305 in the Windows version Apache now. For enabling the cipher you need to add CHACHA20-POLY1305 things to the SSLCipherSuite of the httpd-ssl.conf and reboot the Apache. Continue reading “Doing CHACHA and Brotli with Apache 2.4 on Windows.”

Yesterday, my site wasn’t reachable because eNom hit with DDoS attack.

   Yesterday, around 17:00 JST, on TODOS くりくりさん said he wasn’t able to reach my site because of ‘正引きできない’.

   I guess he had ‘ERR_NAME_NOT_RESOLVED’ or ‘DNS_PROBE_FINISHED_NXDOMAIN’.
   I found his comment and was very surprised around 19:30 JST. Very late (^_^;). I checked my site. I maybe made the same stupid thing again, but it’s not my fault at this time.

   くりくりさん told me eNomのネームサーバー障害, and I found them out, enomsupport1, enomsupport2, enomsupport3 and enomsupport4.

   eNom hit with heavy DDoS attack yesterday, which caused domain name resolution problems. See ‘eNom hit with DDoS attack – domain registrar is currently stable’.

Memorandum #18.

   Recently I updated some server apps.

    Update information      Edit(Jul.21)
  1. From ActivePerl-5.22.1.2201 to ActivePerl-5.24.0.2400.
    Last time I installed ActivePerl-5.22.1.2201-MSWin32-x86-64int-299574.msi. But now they doesn’t provide an msi file. Then I tried to install ActivePerl-5.24.0.2400-MSWin32-x86-64int-300558.exe, but it gave me an error like the below.

    Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action CheckInstallDir, entry: CheckInstallDirNoBox, library: C:\Users\UserID\AppData\Local\Temp\MSIXXXX.tmp

    Continue reading “Memorandum #18.”

The Web Server Nightmare Before H2PushPriority.

Update information      Edit(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load and nghttp features even if you don’t build nghttp2 by yourself. Nevertheless, if youl build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Yes, the title is just a word play from one of Tim Burton works (´ϖ`).

   On February 29, my server was down from about 0:00 to about 20:30 because of hardware malfunction. Last Sunday, February 28, I was trying hard for H2PushPriority which is one of new directives of Module mod_http2. To enable this feature is very easy, but to tune it up is difficult for me. Continue reading “The Web Server Nightmare Before H2PushPriority.”

Upgrading from PHP5.6 to PHP7.0.

   Finally, PHP7.0.0 was released. Congrats and thanks, PHP developers!!
   Windows version appeared on windows.php.net around 21:00 UTC of December 3. Therefore, I upgraded from PHP5.6 to PHP7.0 this morning. Around 10:00 JST of December 4. Continue reading “Upgrading from PHP5.6 to PHP7.0.”

Building h2load on Cygwin.

Update information      Edit(2016.Jan.4)   Edit2(Feb.7)   Edit3(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load feature even if you don’t build nghttp2 by yourself. Nevertheless, if you build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Now, I have two zip files. One is H2LOAD_dll_package_x86.zip, another is H2LOAD_dll_package_x64.zip. If you download one of them, you can do the test by h2load on your Windows PC. Run cmd.exe and do like this.
> h2load -n100000 -c100 -m10 https://localhost
   If you do this test, you should create your own local server. Because the test might be a cyber attack for the server if you set numbers too high as values of -n -c -m. Be careful.
   I wrote like this before:‘I don’t know why, but it looks like telling Apache without HTTP/2 is faster. Gee!’. This time, I had interesting results. See HTTPS with HTTP/2 and HTTPS without HTTP/2. The test tells that the server supports HTTP/2 is good at dealing with concurrent streams than the server doesn’t support HTTP/2. This is one of HTTP/2 features.

   I’ll write about my hard work to get these files (^_^;).
   [Caution]: The steps blow give the files contained by H2LOAD_dll_package_x64.zip. If you want to have the files for x86 PC, you have to do all steps by setup-x86.exe on a Windows x86 PC. Continue reading “Building h2load on Cygwin.”