Re: [PATCH] RSA+DSA+ECC bundles

Hi, As someone about to purchase two certificates please allow me to weight in an outside perspective: On 2013-10-22 12:09 UTC Maxim Dounin wrote: > > An unwanted side effect would be that this will allow client > certificate authentication to use certs from a server's > certificate chain. Proba

Re: redis nginx 1.5.x support

Here are the two aforementioned changes: https://github.com/wmark/ossdl-overlay/blob/61d928a0df58e5d38385920ce05e7381f86913c7/www-servers/nginx/files/http_redis-0.3.6-trailer.patch -- Mark 2013/11/28 SplitIce : > Yes that seems much better than taking over the > u->headers_in.content_length_n f

Re: Nginx Logging to Zeromq Module - Sparkngin

2013/11/16 Steve Morin : > Does anyone have experience integrating zeromq with Nginx. I am looking for > some pointers, to see what concerns I should look out for. > > I am trying to contribute this code to a open source project. > -Steve This seems to me being a good template for what you want t

Re: Nginx Logging to Zeromq Module - Sparkngin

2013/12/10 MAGNIEN, Thierry : > > I don't know much about Zeromq performance, but we pushed redis to about 300k > commands per second on our production servers (8 cores), and benchmarks on > better hardware (24 cores) show it could handle close to 500k/s. ØMQ should come pretty close or even exc

Re: [RFC] event/openssl: Add dynamic record size support for serving ssl trafic

2015-05-05 15:39 GMT+02:00 chen : > > This is v1 of the patchset the implementing the feature SSL Dynamic Record > Sizing, inspiring by Google Front End […] > > Any comments is welcome. Nice! I've implemented that for Golang in the past and have ported it to C for you today. Although a single ini

Re: [RFC] event/openssl: Add dynamic record size support for serving ssl trafic

2015-06-02 3:04 GMT+02:00 SplitIce : > From memory SSL_CIPHER_is_AES is a BoringSSL addition isnt it? I did a quick > look over the OpenSSL source and it does not seem like its been added > either. > > I havent had a chance to compile this yet to confirm it, but if correct then > this is not compat

Re: [PATCH] update default ssl_ciphers value

Do not specifiy cipher suites, one by one, by name. That's dangerous. OpenSSL knows groups! Examples for groups: - HIGH - TLSv1.2 … and matching: - HIGH+kEECDH - HIGH+kEECDH:HIGH+kEDH:-3DES Examining their implementation, and ordering them is the task of security engineers and/or best delegated t