Categories
Windows

My Web server supports TLSv1.3 now.

TLSv1.3   Apache 2.4.37 from Apache Lounge supported TLSv1.3, so I enabled TLSv1.3 on my Web server which runs on Windows7 HP SP1 32-bit. I only changed from SSLProtocol -all +TLSv1.2 to SSLProtocol -all +TLSv1.2 +TLSv1.3. I did nothing about SSLCipherSuite Directive because the SSL_CTX_set_cipher_list page says ‘An empty list is permissible’.
The default value for the this setting is: “TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256”

   Here is the results before and after of SSL Labs Server Test.

同一記事の日本語版
Categories
Windows

Moving to MariaDB10.2.

同一記事の日本語版

   Yesterday, くりくりさん told me MariaDB 10.2 became GA by his tweet. So I moved to MariaDB 10.2.6 last night.

   About upgrading procedures, there was no troubles. See “Updating to MariaDB 10.0.11” about HowTo.

Categories
Windows

Doing CHACHA and Brotli with Apache 2.4 on Windows.

同一記事の日本語版
Update information      Edit(May 2)

   Last October, I wrote “CHACHA20 Apache official version already supports but Apache Lounge version 2.4.23, which is my server current version, hasn’t yet“. On April 19, Steffen announced Apache 2.4.26-Dev available with Openssl 1.1.0e VC14. So, we can use CHACHA20_POLY1305 in the Windows version Apache now. For enabling the cipher you need to add CHACHA20-POLY1305 things to the SSLCipherSuite of the httpd-ssl.conf and reboot the Apache.

Categories
everyday life

Yesterday, my site wasn’t reachable because eNom hit with DDoS attack.

同一記事の日本語版

   Yesterday, around 17:00 JST, on TODOS くりくりさん said he wasn’t able to reach my site because of ‘正引きできない’.

   I guess he had ‘ERR_NAME_NOT_RESOLVED’ or ‘DNS_PROBE_FINISHED_NXDOMAIN’.
   I found his comment and was very surprised around 19:30 JST. Very late (^_^;). I checked my site. I maybe made the same stupid thing again, but it’s not my fault at this time.

   くりくりさん told me eNomのネームサーバー障害, and I found them out, enomsupport1, enomsupport2, enomsupport3 and enomsupport4.

   eNom hit with heavy DDoS attack yesterday, which caused domain name resolution problems. See ‘eNom hit with DDoS attack – domain registrar is currently stable’.

Categories
Windows

Memorandum #18.

同一記事の日本語版

   Recently I updated some server apps.

    Update information      Edit(Jul.21)
  1. From ActivePerl-5.22.1.2201 to ActivePerl-5.24.0.2400.
    Last time I installed ActivePerl-5.22.1.2201-MSWin32-x86-64int-299574.msi. But now they doesn’t provide an msi file. Then I tried to install ActivePerl-5.24.0.2400-MSWin32-x86-64int-300558.exe, but it gave me an error like the below.

    Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action CheckInstallDir, entry: CheckInstallDirNoBox, library: C:UsersUserIDAppDataLocalTempMSIXXXX.tmp
Categories
Vulnerability

Vulnerability DROWN.

同一記事の日本語版

   After reading ‘DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk’, I checked my server by The DROWN Attack and DROWN Scanner. Vulnerability DROWN is related to OpenSSL Security Advisory [1st March 2016].

Categories
Windows

The Web Server Nightmare Before H2PushPriority.

同一記事の日本語版
Update information      Edit(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load and nghttp features even if you don’t build nghttp2 by yourself. Nevertheless, if youl build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Yes, the title is just a word play from one of Tim Burton works (´ϖ`).

   On February 29, my server was down from about 0:00 to about 20:30 because of hardware malfunction. Last Sunday, February 28, I was trying hard for H2PushPriority which is one of new directives of Module mod_http2. To enable this feature is very easy, but to tune it up is difficult for me.

Categories
Windows

Memorandum #14.

同一記事の日本語版

   As PHP7.0.2 was released, I updated to it. Here is ChangeLog. My server OS is Windows7 HE SP1 x86, so I downloaded php-7.0.2-Win32-VC14-x86.zip.

Categories
Windows

Upgrading from PHP5.6 to PHP7.0.

同一記事の日本語版

   Finally, PHP7.0.0 was released. Congrats and thanks, PHP developers!!
   Windows version appeared on windows.php.net around 21:00 UTC of December 3. Therefore, I upgraded from PHP5.6 to PHP7.0 this morning. Around 10:00 JST of December 4.

Categories
Windows

Building h2load on Cygwin.

同一記事の日本語版
Update information      Edit(2016.Jan.4)   Edit2(Feb.7)   Edit3(Jun.18)

   Actually, Cygwin has libev and nghttp2 packages now. So, you can use h2load feature even if you don’t build nghttp2 by yourself. Nevertheless, if you build nghttp2 on Cygwin, you need to build the Jansson and the spdylay before building it because Cygwin doesn’t have their packages. But, according to the current trend, I think you don’t need the spdylay package. (2016.6.18)
—————————————————————————————————————————————————
   Now, I have two zip files. One is H2LOAD_dll_package_x86.zip, another is H2LOAD_dll_package_x64.zip. If you download one of them, you can do the test by h2load on your Windows PC. Run cmd.exe and do like this.
> h2load -n100000 -c100 -m10 https://localhost
   If you do this test, you should create your own local server. Because the test might be a cyber attack for the server if you set numbers too high as values of -n -c -m. Be careful.
   I wrote like this before:‘I don’t know why, but it looks like telling Apache without HTTP/2 is faster. Gee!’. This time, I had interesting results. See HTTPS with HTTP/2 and HTTPS without HTTP/2. The test tells that the server supports HTTP/2 is good at dealing with concurrent streams than the server doesn’t support HTTP/2. This is one of HTTP/2 features.

   I’ll write about my hard work to get these files (^_^;).
   [Caution]: The steps blow give the files contained by H2LOAD_dll_package_x64.zip. If you want to have the files for x86 PC, you have to do all steps by setup-x86.exe on a Windows x86 PC.