pixelserv pixelserv - A Better One-pixel Webserver for Adblock

[Protik]

Final version of Firefox 63 (with TLS 1.3 support) is planned for tomorrow, but already available:

https://ftp.mozilla.org/pub/firefox/releases/63.0/

Installed it on Windows 10 and the v13 counter is increasing every time I reload the pixelserv statistics page (by 2), but I can't seem to increase the counter in any other way...

Maybe something wrong with my setup? (What?)

What if you browse cloudflare or facebook? Not all websites configured v1.3 on the server side yet.

Sent from my Moto G (5) Plus using Tapatalk

 

[XIII]

What if you browse cloudflare or facebook? Not all websites configured v1.3 on the server side yet.

No; https://www.cloudflare.com/ was my very first test...

Still wondering what part of my setup is broken (maybe my unbound configuration?).

 

[Protik]

No; https://www.cloudflare.com/ was my very first test...

Still wondering what part of my setup is broken (maybe my unbound configuration?).

Might be. Try to see if disabling that increments the counter.

 

[Twiglets]

Firefox 63 is available from the Beta Channel now.

Just for fun, I am running Firefox 64.0a1 (Supports TLS 1.3 and can encrypt SNI)

If you go to https://www.cloudflare.com/ssl/encrypted-sni/ to test your connection it tells you what your connection supports:

Got a 'Fullhouse' !!!

 

[XIII]

Disabling unbound did not help...

 

[XIII]

That Cloudflare test page does report "Your browser supports TLS 1.3, which encrypts the server certificate" though.

EDIT: Also when visiting www.cloudflare.com Firefox lists the connection as being encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3). Still this visit does not increase the v13 counter.

EDIT2: Purged the certificates and restared pixelserv-tls. Now the v13 counter is still increasing by 2 as before, but v12 and v10 remain at 0. Definitely something broken in my setup...

 

[Asad Ali]

That Cloudflare test page does report "Your browser supports TLS 1.3, which encrypts the server certificate" though.

EDIT: Also when visiting www.cloudflare.com Firefox lists the connection as being encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3). Still this visit does not increase the v13 counter.

Why should it?
Your "slh" will only increase for blocked domains in your blocking list. If there's nothing worth blocking in the page you visit nothing will route through pixelserv-tls and you won't see increments in the stats.

 

[Mutzli]

Firefox 63 is available from the Beta Channel now.

Just for fun, I am running Firefox 64.0a1 (Supports TLS 1.3 and can encrypt SNI)

If you go to https://www.cloudflare.com/ssl/encrypted-sni/ to test your connection it tells you what your connection supports:

Got a 'Fullhouse' !!!

How did you get Encrypted SNI to work on Firefox 63? Isn't that only available in nightly builds?

 

[M@rco]

How did you get Encrypted SNI to work on Firefox 63? Isn't that only available in nightly builds?

Just for fun, I am running Firefox 64.0a1 (Supports TLS 1.3 and can encrypt SNI)

 

[RMerlin]

What if you browse cloudflare or facebook? Not all websites configured v1.3 on the server side yet.

Sent from my Moto G (5) Plus using Tapatalk

These forums here are behind Cloudflare, and support TLS 1.3. This is what I get in Chrome 70:

 

[Protik]

These forums here are behind Cloudflare, and support TLS 1.3 (unless Tim disabled it on the CF panel).

SNBForums support TLS v1.3 indeed.

 

[Mutzli]

Oh boy, flew right over this line.

 

[XIII]

Why should it?
Your "slh" will only increase for blocked domains in your blocking list. If there's nothing worth blocking in the page you visit nothing will route through pixelserv-tls and you won't see increments in the stats.

That triggered me:

After disabling uBlock Origin (ad blocker extension) visiting https://cloudflare.com does increase v13 by 1...

 

[SMS786]

Just upgraded to FF 63...so nice to finally see TLS 1.3 working on the servstats page!

 

[kvic]

If you go to https://www.cloudflare.com/ssl/encrypted-sni/ to test your connection it tells you what your connection supports:

Cloudflare does well at marketing. Don't get carried away with some of its spins. People grown up with Google could smell something in the air. lol

 

[kvic]

Just upgraded to FF 63...so nice to finally see TLS 1.3 working on the servstats page!

Nice. Don't forget to turn on the flag "security.tls.enable_0rtt_data" for faster speed on the growing number of TLS 1.3 sites.

 

[SMS786]

Nice. Don't forget to turn on the flag "security.tls.enable_0rtt_data" for faster speed on the growing number of TLS 1.3 sites.

Thanks. Value is actually already set to "true" by default on the latest release.

 

[Makaveli]

Thanks. Value is actually already set to "true" by default on the latest release.

I updated yesterday and its good so far.

My current stats

pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:46 flags: tls1_3) options: 192.168.1.3

uts    5d 19:36    process uptime
log    1    critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc    5    number of active service threads
kmx    18    maximum number of service threads
kvg    1.40    average number of requests per service thread
krq    393    max number of requests by one service thread
req    29924    total # of requests (HTTP, HTTPS, success, failure etc)
avg    916 bytes    average size of requests
rmx    41009 bytes    largest size of request(s)
tav    1 ms    average processing time (per request)
tmx    1756 ms    longest processing time (per request)
slh    10891    # of accepted HTTPS requests
slm    101    # of rejected HTTPS requests (missing certificate)
sle    0    # of rejected HTTPS requests (certificate available but not usable)
slc    14598    # of dropped HTTPS requests (client disconnect without sending any request)
slu    2925    # of dropped HTTPS requests (other TLS handshake errors)
v13    3195    slh/slc break-down: TLS 1.3
v12    7696    slh/slc break-down: TLS 1.2
v10    0    slh/slc break-down: TLS 1.0
uca    0    slu break-down: # of unknown CA reported by clients
ucb    935    slu break-down: # of bad certificate reported by clients
uce    0    slu break-down: # of unknown cert reported by clients
ush    102    slu break-down: # of shutdown by clients after ServerHello

On a side note I also added

DNSSEC 1.1.0 add on for firefox which is a great way to see if the site you are visiting has it enabled.

 

[Mutzli]

Great add-on, unless something is wrong with my setup or the add-on doesn't work right, it's amazing how many sites are still not secured by DNSSEC. None of my banks use it.

 

[M@rco]

Great add-on, unless something is wrong with my setup or the add-on doesn't work right, it's amazing how many sites are still not secured by DNSSEC. None of my banks use it.

Pixelsrv doesn't provide DNSSEC. DNSSEC is a secure protocol to validate DNS queries. See for example this article for more info: https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en