What's new

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Final version of Firefox 63 (with TLS 1.3 support) is planned for tomorrow, but already available:

https://ftp.mozilla.org/pub/firefox/releases/63.0/

Installed it on Windows 10 and the v13 counter is increasing every time I reload the pixelserv statistics page (by 2), but I can't seem to increase the counter in any other way...

Maybe something wrong with my setup? (What?)
What if you browse cloudflare or facebook? Not all websites configured v1.3 on the server side yet.

Sent from my Moto G (5) Plus using Tapatalk
 
Firefox 63 is available from the Beta Channel now.

Just for fun, I am running Firefox 64.0a1 (Supports TLS 1.3 and can encrypt SNI)

If you go to https://www.cloudflare.com/ssl/encrypted-sni/ to test your connection it tells you what your connection supports:

fullhouse.png


Got a 'Fullhouse' ;) !!!
 
That Cloudflare test page does report "Your browser supports TLS 1.3, which encrypts the server certificate" though.

EDIT: Also when visiting www.cloudflare.com Firefox lists the connection as being encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3). Still this visit does not increase the v13 counter.

EDIT2: Purged the certificates and restared pixelserv-tls. Now the v13 counter is still increasing by 2 as before, but v12 and v10 remain at 0. Definitely something broken in my setup...
 
Last edited:
That Cloudflare test page does report "Your browser supports TLS 1.3, which encrypts the server certificate" though.

EDIT: Also when visiting www.cloudflare.com Firefox lists the connection as being encrypted (TLS_AES_128_GCM_SHA256, 128 bit keys, TLS 1.3). Still this visit does not increase the v13 counter.

Why should it?
Your "slh" will only increase for blocked domains in your blocking list. If there's nothing worth blocking in the page you visit nothing will route through pixelserv-tls and you won't see increments in the stats.
 
Firefox 63 is available from the Beta Channel now.

Just for fun, I am running Firefox 64.0a1 (Supports TLS 1.3 and can encrypt SNI)

If you go to https://www.cloudflare.com/ssl/encrypted-sni/ to test your connection it tells you what your connection supports:

Got a 'Fullhouse' ;) !!!
How did you get Encrypted SNI to work on Firefox 63? Isn't that only available in nightly builds?
 
What if you browse cloudflare or facebook? Not all websites configured v1.3 on the server side yet.

Sent from my Moto G (5) Plus using Tapatalk

These forums here are behind Cloudflare, and support TLS 1.3. This is what I get in Chrome 70:

upload_2018-10-22_16-11-50.png
 
Oh boy, flew right over this line.
 
Why should it?
Your "slh" will only increase for blocked domains in your blocking list. If there's nothing worth blocking in the page you visit nothing will route through pixelserv-tls and you won't see increments in the stats.
That triggered me:

After disabling uBlock Origin (ad blocker extension) visiting https://cloudflare.com does increase v13 by 1...
 
Just upgraded to FF 63...so nice to finally see TLS 1.3 working on the servstats page!


Nice. Don't forget to turn on the flag "security.tls.enable_0rtt_data" for faster speed on the growing number of TLS 1.3 sites.
 
Thanks. Value is actually already set to "true" by default on the latest release.
I updated yesterday and its good so far.

My current stats

Code:
pixelserv-tls 2.2.0 (compiled: Oct 9 2018 10:35:46 flags: tls1_3) options: 192.168.1.3

uts    5d 19:36    process uptime
log    1    critical (0) error (1) warning (2) notice (3) info (4) debug (5)
kcc    5    number of active service threads
kmx    18    maximum number of service threads
kvg    1.40    average number of requests per service thread
krq    393    max number of requests by one service thread
req    29924    total # of requests (HTTP, HTTPS, success, failure etc)
avg    916 bytes    average size of requests
rmx    41009 bytes    largest size of request(s)
tav    1 ms    average processing time (per request)
tmx    1756 ms    longest processing time (per request)
slh    10891    # of accepted HTTPS requests
slm    101    # of rejected HTTPS requests (missing certificate)
sle    0    # of rejected HTTPS requests (certificate available but not usable)
slc    14598    # of dropped HTTPS requests (client disconnect without sending any request)
slu    2925    # of dropped HTTPS requests (other TLS handshake errors)
v13    3195    slh/slc break-down: TLS 1.3
v12    7696    slh/slc break-down: TLS 1.2
v10    0    slh/slc break-down: TLS 1.0
uca    0    slu break-down: # of unknown CA reported by clients
ucb    935    slu break-down: # of bad certificate reported by clients
uce    0    slu break-down: # of unknown cert reported by clients
ush    102    slu break-down: # of shutdown by clients after ServerHello

On a side note I also added

DNSSEC 1.1.0 add on for firefox which is a great way to see if the site you are visiting has it enabled.

 
Great add-on, unless something is wrong with my setup or the add-on doesn't work right, it's amazing how many sites are still not secured by DNSSEC. None of my banks use it.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top