M
M@rco
Guest
Just to make sure: did you configure the settings below correctly?
You could try manually restarting the webui by executing:
Code:
service restart_httpdand see if that makes a difference?
pixelserv pixelserv - A Better One-pixel Webserver for Adblock
- Thread starter kvic
- Start date
Just to make sure: did you configure the settings below correctly?
You could try manually restarting the webui by executing:
and see if that makes a difference?
XIII
Very Senior Member
No luck with TLS 1.3 yet... (using the version of pixelserv-tls with the statically linked newer OpenSSL library)
I installed the iOS profile to enable TLS 1.3. When I visit https://www.ssllabs.com/ssltest/viewMyClient.html it does indeed list (experimental) 1.3 protocol support, but when I visit pages on the internet I still see 0 for v13 on the pixelserv-tls server stats page (only v12 is greater than zero).
Additionally I have installed Firefox 63 Beta 14 on my MacBook Pro and checked that security.tls.version.max is 4, as is written here: https://www.ghacks.net/2017/06/15/how-to-enable-tls-1-3-support-in-firefox-and-chrome/ However, when I visit the above SSL Labs page again it now only lists 1.2 support (no 1.3!) and again the v13 counter remains at 0.
What am I doing wrong?
I installed the iOS profile to enable TLS 1.3. When I visit https://www.ssllabs.com/ssltest/viewMyClient.html it does indeed list (experimental) 1.3 protocol support, but when I visit pages on the internet I still see 0 for v13 on the pixelserv-tls server stats page (only v12 is greater than zero).
Additionally I have installed Firefox 63 Beta 14 on my MacBook Pro and checked that security.tls.version.max is 4, as is written here: https://www.ghacks.net/2017/06/15/how-to-enable-tls-1-3-support-in-firefox-and-chrome/ However, when I visit the above SSL Labs page again it now only lists 1.2 support (no 1.3!) and again the v13 counter remains at 0.
What am I doing wrong?
XIII
Very Senior Member
Update: should have read the post by Xentrk, as this command did the trick:
SSL Labs test page still lists 1.2 only, but page visits in both Safari and Firefox (on macOS) now increase the v13 counter.
Code:
sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1
skeal
Part of the Furniture
You just gave me a huge idea....I enabled:Just to make sure: did you configure the settings below correctly?
You could try manually restarting the webui by executing:
Code:service restart_httpd
and see if that makes a difference?
Code:
Redirect webui access to router.asus.com = yes
Thanks for the great tip!I believe the SSL Lab page only tests DRAFT versions of TLS 1.3. Also TLS 1.3 support in Firefox & Chrome has nothing to do with the Apple system-wide default flag..
So now with a few people have tried it on Mac. Seems like Apple indeed has TLS 1.3 final version built in Mojave (& iOS 12..) but not enabled.
EDIT:
If people want to test your browsers supporting TLS 1.3 final version or not, the easiest is to make use of pixelserv-tls.
Visit https://<pixelserv ip>/serverstats. When the page loads, v13 counters should increment. That indicates your browser support the official TLS 1.3 version aka the final version.
Last edited:
This should not get buried and lost..
A script to enable on the fly and present pixelserv-tls log (for whitelisting domain, privacy breach inspection, and etc):
I should emphasise that pixelserv-tls itself is not a script. It's a first-class citizen as a service aka daemon in Linux/Unix world. That is always running in background and serving you for a good purpose.
Hence, people should not wrongly call it a script. Though in the special context of this forum, people in general will understand when you say a script..meant to say an "add-on" feature to your router's FW.
Volunteers looking for opportunity to develop for pixelserv-tls may start with the above script. The goal:
EDIT:
Added a project section to the first post of this thread and links back to this project/post.
A script to enable on the fly and present pixelserv-tls log (for whitelisting domain, privacy breach inspection, and etc):
I should emphasise that pixelserv-tls itself is not a script. It's a first-class citizen as a service aka daemon in Linux/Unix world. That is always running in background and serving you for a good purpose.
Hence, people should not wrongly call it a script. Though in the special context of this forum, people in general will understand when you say a script..meant to say an "add-on" feature to your router's FW.
Volunteers looking for opportunity to develop for pixelserv-tls may start with the above script. The goal:
- light-weight & user friendly
- make use of available tools if necessary
- do not re-invent the wheel
EDIT:
Added a project section to the first post of this thread and links back to this project/post.
DonnyJohnny
Very Senior Member
Where you find that profile?
I want it to be enable for my iOS. 12.1
XIII
Very Senior Member
Same link as before (see a few posts back).
Only for members of the Apple Developer Program.
DonnyJohnny
Very Senior Member
Apple will drop support for TLS 1.0 & 1.1 by March 2020. Firefox, Chrome and Edge will do the same around the same time.
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
visortgw
Very Senior Member
I just read the same thing minutes ago!
XIII
Very Senior Member
Unfortunately no release date for TLS 1.3 though.
Asad Ali
Very Senior Member
It's already available in iOS 12.1 developer BETA 4 so the code is integrated and functional ( with probably few things left to sort out ) and all they need to do now is enable it by default so probably they'll do it with iOS 12.1 release. [emoji1695]
Something in macOS Mojave.
DonnyJohnny
Very Senior Member
Probably like iOS, the tls 1.3 final only contains in iOS beta and so is macOS. Maybe u can consider macOS beta?
XIII
Very Senior Member
No, this Mac is a production machine; I can't even upgrade it to Mojave.
I'll wait...
XIII
Very Senior Member
Final version of Firefox 63 (with TLS 1.3 support) is planned for tomorrow, but already available:
https://ftp.mozilla.org/pub/firefox/releases/63.0/
Installed it on Windows 10 and the v13 counter is increasing every time I reload the pixelserv statistics page (by 2), but I can't seem to increase the counter in any other way...
Maybe something wrong with my setup? (What?)
https://ftp.mozilla.org/pub/firefox/releases/63.0/
Installed it on Windows 10 and the v13 counter is increasing every time I reload the pixelserv statistics page (by 2), but I can't seem to increase the counter in any other way...
Maybe something wrong with my setup? (What?)
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| C | Diversion Pixelserv replacement | Asuswrt-Merlin AddOns | 2 | |
| L | Is Diversion better than NextDNS, PiHole or AdGuard Home? | Asuswrt-Merlin AddOns | 10 |
Similar threads
-
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10