Something broken?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Something broken?

Danny Horne
Hi all,

Recently I've been seeing my keyserver fall off the list due to 'missing
keys' a lot more often, I've also noticed the 'Max difference' figure on
https://sks-keyservers.net/status/ has been stuck at 300 for a few days
now (maybe longer).  I'm sure this used to change on every hourly check,
and I've seen it go into four figures before now.

Has some script broken and not be showing the true keyserver status?

Thanks for looking


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/10/2016 07:05 PM, Danny Horne wrote:
> Hi all,
>
> Recently I've been seeing my keyserver fall off the list due to 'missing
> keys' a lot more often, I've also noticed the 'Max difference' figure on
> https://sks-keyservers.net/status/ has been stuck at 300 for a few days
> now (maybe longer).  I'm sure this used to change on every hourly check,
> and I've seen it go into four figures before now.

300 is the minimum diff used, so it just means the variance in the pool
is good enough to be within that.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Action is the foundational key to all success"
(Pablo Picasso)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Danny Horne
On 11/11/2016 8:15 am, Kristian Fiskerstrand wrote:

> On 11/10/2016 07:05 PM, Danny Horne wrote:
>> Hi all,
>>
>> Recently I've been seeing my keyserver fall off the list due to 'missing
>> keys' a lot more often, I've also noticed the 'Max difference' figure on
>> https://sks-keyservers.net/status/ has been stuck at 300 for a few days
>> now (maybe longer).  I'm sure this used to change on every hourly check,
>> and I've seen it go into four figures before now.
> 300 is the minimum diff used, so it just means the variance in the pool
> is good enough to be within that.
>
>
Ok, whilst nothing may be 'wrong', I still maintain something has
changed.  The 'Max difference' used to change on every hourly check, and
could run into four figures.  Because it's now fixed at 300 more
keyservers are being removed from the pool (the average number of
keyservers in the pool was around 100, I've seen it recently drop to the
low 60's)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/11/2016 07:48 PM, Danny Horne wrote:

> On 11/11/2016 8:15 am, Kristian Fiskerstrand wrote:
>> On 11/10/2016 07:05 PM, Danny Horne wrote:
>>> Hi all,
>>>
>>> Recently I've been seeing my keyserver fall off the list due to 'missing
>>> keys' a lot more often, I've also noticed the 'Max difference' figure on
>>> https://sks-keyservers.net/status/ has been stuck at 300 for a few days
>>> now (maybe longer).  I'm sure this used to change on every hourly check,
>>> and I've seen it go into four figures before now.
>> 300 is the minimum diff used, so it just means the variance in the pool
>> is good enough to be within that.
>>
>>
> Ok, whilst nothing may be 'wrong', I still maintain something has
> changed.  The 'Max difference' used to change on every hourly check, and
> could run into four figures.  Because it's now fixed at 300 more
> keyservers are being removed from the pool (the average number of
> keyservers in the pool was around 100, I've seen it recently drop to the
> low 60's)
>
of which only 10 are used, so lower variation is a positive and improves
the user experience/expecation.

the calculation is dynamic, so likely a few servers with high lagg of
keys have finally dissapeared, I try to remove this by doing a two-pass
run to exclude the worst from calculation during pass 1

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Bene diagnoscitur, bene curatur
Something that is well diagnosed can be cured well


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Timothy A. Holtzen

On 11/11/2016 12:55 PM, Kristian Fiskerstrand wrote:

> On 11/11/2016 07:48 PM, Danny Horne wrote:
>> On 11/11/2016 8:15 am, Kristian Fiskerstrand wrote:
>>> On 11/10/2016 07:05 PM, Danny Horne wrote:
>>>> Hi all,
>>>>
>>>> Recently I've been seeing my keyserver fall off the list due to 'missing
>>>> keys' a lot more often, I've also noticed the 'Max difference' figure on
>>>> https://sks-keyservers.net/status/ has been stuck at 300 for a few days
>>>> now (maybe longer).  I'm sure this used to change on every hourly check,
>>>> and I've seen it go into four figures before now.
>>> 300 is the minimum diff used, so it just means the variance in the pool
>>> is good enough to be within that.
>>>
>>>
>> Ok, whilst nothing may be 'wrong', I still maintain something has
>> changed.  The 'Max difference' used to change on every hourly check, and
>> could run into four figures.  Because it's now fixed at 300 more
>> keyservers are being removed from the pool (the average number of
>> keyservers in the pool was around 100, I've seen it recently drop to the
>> low 60's)
>>
> of which only 10 are used, so lower variation is a positive and improves
> the user experience/expecation.
>
> the calculation is dynamic, so likely a few servers with high lagg of
> keys have finally dissapeared, I try to remove this by doing a two-pass
> run to exclude the worst from calculation during pass 1
>
>
I've noticed a similar behavior for my server falling off of the list
because of key difference.  In my case I believe it is an issue syncing
with one of my peers.  My recon log shows it discovered 400+ hashes on
the peer but then times out trying to download them.  I've contacted the
peer admin to try to resolve the issue but in the mean time I believe it
slows down gossip for me as any keys submitted to that peer have to find
their way to me through one of my other peers.

Obviously I need to resolve the peer timeout issue but any advice how I
might speed up the gossip process in general?  I've noticed looking at
the stats that the new/updated keys seem to come in bursts during a
window between 1 and 3 am.  I suspect that too could be causing my
server to drop out of the list until it has a chance to catch up.


Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9  CCFC 426E 76AF DABC B3D7



_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/13/2016 12:14 AM, Timothy A. Holtzen wrote:
>

...
>
> Obviously I need to resolve the peer timeout issue but any advice how I
> might speed up the gossip process in general?  I've noticed looking at
> the stats that the new/updated keys seem to come in bursts during a
> window between 1 and 3 am.  I suspect that too could be causing my
> server to drop out of the list until it has a chance to catch up.
>

How often are you updating the stats? default is only update once a day,
you can issue a SIGUSR2 to update it more often, I crontab it on hourly
basis


--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"By three methods we may learn wisdom: First, by reflection, which is
noblest; Second, by imitation, which is easiest; and third by
experience, which is the bitterest."
(Confucius)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Danny Horne
On 13/11/2016 2:47 pm, Kristian Fiskerstrand wrote:
> How often are you updating the stats? default is only update once a day,
> you can issue a SIGUSR2 to update it more often, I crontab it on hourly
> basis
>
>
>
Could you share your crontab entry?  Would like to do this myself


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/13/2016 08:24 PM, Danny Horne wrote:
> On 13/11/2016 2:47 pm, Kristian Fiskerstrand wrote:
>> How often are you updating the stats? default is only update once a day,
>> you can issue a SIGUSR2 to update it more often, I crontab it on hourly
>> basis
>>
>>
>>
> Could you share your crontab entry?  Would like to do this myself
>

25 * * * * pkill -USR2 sks || exit 1

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Ubi mel ibi apes
Where there's honey, there are bees


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Danny Horne
On 13/11/2016 7:55 pm, Kristian Fiskerstrand wrote:
> On 11/13/2016 08:24 PM, Danny Horne wrote:
>
>> Could you share your crontab entry?  Would like to do this myself
>>
> 25 * * * * pkill -USR2 sks || exit 1
>
>
Working great, thank you


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Valentin Sundermann
In reply to this post by Timothy A. Holtzen
Hey,

> Obviously I need to resolve the peer timeout issue but any advice how I
> might speed up the gossip process in general?  I've noticed looking at
> the stats that the new/updated keys seem to come in bursts during a
> window between 1 and 3 am.  I suspect that too could be causing my
> server to drop out of the list until it has a chance to catch up.
I can confirm these issues too. I have a status page with bar charts[1]
on which these peaks are clearly visible. Iirc, the peaks started
something around three months ago (maybe something with the evil32
upload?). There also was a 4-day stop of these peaks with one big peak
at it's ending (2016-10-31 - 2016-11-04).

What's interesting too is, only that there are only peaks for new keys
and not for both, new and updated keys. Do these sync differently?

I couldn't find the time to debug yet. But maybe I this is helpful anyways.

Best regards,
Valentin Sundermann


[1] https://keys.vsund.de/stats/


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (837 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Danny Horne
On 17/11/2016 5:28 pm, Valentin Sundermann wrote:
> Best regards,
> Valentin Sundermann
>
>
> [1] https://keys.vsund.de/stats/
>
>
Do you mind me asking how you got those charts on your page?  Tried the
Github files linked to at the bottom but they only appear to give me a
different key search page.

Thanks


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Timothy A. Holtzen
In reply to this post by Valentin Sundermann

On 11/17/2016 11:28 AM, Valentin Sundermann wrote:

> Hey,
>
>> Obviously I need to resolve the peer timeout issue but any advice how I
>> might speed up the gossip process in general?  I've noticed looking at
>> the stats that the new/updated keys seem to come in bursts during a
>> window between 1 and 3 am.  I suspect that too could be causing my
>> server to drop out of the list until it has a chance to catch up.
> I can confirm these issues too. I have a status page with bar charts[1]
> on which these peaks are clearly visible. Iirc, the peaks started
> something around three months ago (maybe something with the evil32
> upload?). There also was a 4-day stop of these peaks with one big peak
> at it's ending (2016-10-31 - 2016-11-04).
>
> What's interesting too is, only that there are only peaks for new keys
> and not for both, new and updated keys. Do these sync differently?
>
> I couldn't find the time to debug yet. But maybe I this is helpful anyways.
>
> Best regards,
> Valentin Sundermann
>
Setting up Kristian's cron job to dump the stats every hour seems to
have resolved my issue of falling out of the pool at least for now.
However can someone explain how the diff files are used for recon?  In
the process of trouble shooting I noticed that the diff files for
several of my peers seem to consistently have over 100 hashes in them.
Assuming I'm communicating with those peers should the number of hashes
drop back down?  If so does having a large number of hashes in the diff
file indicate a problem?  I also have a number of diff files that appear
to be for peers that no longer exist or have been de-listed.  Is it safe
to remove these files?


Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9  CCFC 426E 76AF DABC B3D7



_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Valentin Sundermann
In reply to this post by Danny Horne
Hi,
> Do you mind me asking how you got those charts on your page?  Tried the
> Github files linked to at the bottom but they only appear to give me a
> different key search page.
Oh, I could have known that this leads to confusion. I copied the HTML
from the main page to get a consistent look. The GitHub link points to
Matt Rude's repository for a pretty frontpage for a keyserver's search.

I'm sorry to say, but the code that generates and displays the charts
isn't anywhere available yet. The PHP behind it, is the most dirtiest
bit of code I ever wrote...
I planned to rewrite it in a tidier way and put it somewhere on Github
but I couldn't find time yet. Probably I'll do in the next 1-2 weeks,
but no promises here :)

Best regards,
Valentin Sundermann


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (837 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/19/2016 12:43 AM, Valentin Sundermann wrote:

> Hi,
>> Do you mind me asking how you got those charts on your page?  Tried the
>> Github files linked to at the bottom but they only appear to give me a
>> different key search page.
> Oh, I could have known that this leads to confusion. I copied the HTML
> from the main page to get a consistent look. The GitHub link points to
> Matt Rude's repository for a pretty frontpage for a keyserver's search.
>
> I'm sorry to say, but the code that generates and displays the charts
> isn't anywhere available yet. The PHP behind it, is the most dirtiest
> bit of code I ever wrote...
> I planned to rewrite it in a tidier way and put it somewhere on Github
> but I couldn't find time yet. Probably I'll do in the next 1-2 weeks,
> but no promises here :)
There seems to be some HSTS setup blocking access to
http://keys.vsund.de:11371/pks/lookup?op=stats ?

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/19/2016 12:55 AM, Kristian Fiskerstrand wrote:

> On 11/19/2016 12:43 AM, Valentin Sundermann wrote:
>> Hi,
>>> Do you mind me asking how you got those charts on your page?  Tried the
>>> Github files linked to at the bottom but they only appear to give me a
>>> different key search page.
>> Oh, I could have known that this leads to confusion. I copied the HTML
>> from the main page to get a consistent look. The GitHub link points to
>> Matt Rude's repository for a pretty frontpage for a keyserver's search.
>>
>> I'm sorry to say, but the code that generates and displays the charts
>> isn't anywhere available yet. The PHP behind it, is the most dirtiest
>> bit of code I ever wrote...
>> I planned to rewrite it in a tidier way and put it somewhere on Github
>> but I couldn't find time yet. Probably I'll do in the next 1-2 weeks,
>> but no promises here :)
>
> There seems to be some HSTS setup blocking access to
> http://keys.vsund.de:11371/pks/lookup?op=stats ?
>
Lynx ftw .. (just wanted to make sure it didn't replace the stats
requests :) )

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Michael Jones
In reply to this post by Kristian Fiskerstrand-6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 18/11/16 23:55, Kristian Fiskerstrand wrote:

> On 11/19/2016 12:43 AM, Valentin Sundermann wrote:
>>> Hi,
>>>>> Do you mind me asking how you got those charts on your
>>>>> page?  Tried the Github files linked to at the bottom but
>>>>> they only appear to give me a different key search page.
>>> Oh, I could have known that this leads to confusion. I copied
>>> the HTML from the main page to get a consistent look. The
>>> GitHub link points to Matt Rude's repository for a pretty
>>> frontpage for a keyserver's search.
>>>
>>> I'm sorry to say, but the code that generates and displays the
>>> charts isn't anywhere available yet. The PHP behind it, is the
>>> most dirtiest bit of code I ever wrote... I planned to rewrite
>>> it in a tidier way and put it somewhere on Github but I
>>> couldn't find time yet. Probably I'll do in the next 1-2
>>> weeks, but no promises here :)
> There seems to be some HSTS setup blocking access to
> http://keys.vsund.de:11371/pks/lookup?op=stats ?

Not HSTS but;

139752133074456:error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:

(proxy is sending https traffic to http)

ie no ssl offload.

Mike
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJYL9IKAAoJEOYwtpHNe8FmcBIIAL7tdJ+PmGkVGJBLGo2DgimQ
EqBdVCvzSN/boFwtM3HnqcTbsopmKY15i5Ob3jdXmnu13OJ1ofOp+TGFH7hmR0xb
n2M8Db6rVrpwFDFEcZltG/j2eYklfOFgtMIlJXaACLG0S2ijHPf5Z99EHU6pMm0a
q1s49LGJbVkXzx5PNBp2ldjWihhl6P50cxXVs7HrLKBneUhvF4bAAGYmV7yy/Umh
vzdEy3WnzJgDzgR53bxzs54lGd9ihvxYI76fzVxi0w7qatIxcOGVHn6j/W8iU2XN
5RmJCV/T15DQArb60ay7ea0kALkcv8jO/U9/t1oRU35hykCuT+n2VDu1ZcSdTKM=
=fsQl
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Michael Jones
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 19/11/16 04:16, Michael Jones wrote:

> On 18/11/16 23:55, Kristian Fiskerstrand wrote:
>> On 11/19/2016 12:43 AM, Valentin Sundermann wrote:
>>>> Hi,
>>>>>> Do you mind me asking how you got those charts on your
>>>>>> page?  Tried the Github files linked to at the bottom
>>>>>> but they only appear to give me a different key search
>>>>>> page.
>>>> Oh, I could have known that this leads to confusion. I
>>>> copied the HTML from the main page to get a consistent look.
>>>> The GitHub link points to Matt Rude's repository for a
>>>> pretty frontpage for a keyserver's search.
>>>>
>>>> I'm sorry to say, but the code that generates and displays
>>>> the charts isn't anywhere available yet. The PHP behind it,
>>>> is the most dirtiest bit of code I ever wrote... I planned to
>>>> rewrite it in a tidier way and put it somewhere on Github but
>>>> I couldn't find time yet. Probably I'll do in the next 1-2
>>>> weeks, but no promises here :)
>> There seems to be some HSTS setup blocking access to
>> http://keys.vsund.de:11371/pks/lookup?op=stats ?
>
> Not HSTS but;
>
> 139752133074456:error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
>
> (proxy is sending https traffic to http)
>
> ie no ssl offload.
>
> Mike
>

+ a rewrite rule to https, (I hadn't visited the url before so HSTS
wouldn't apply)


-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJYL9LnAAoJEOYwtpHNe8Fm458IALG2zO+WfnQmCFbwXv7NBfdB
I1aUPjLzzbmSupssMne2Ka2m6MCCI2GQXdvvGO9SbIys6hFi4fTJlVVWik1ydd8s
/wq8h/zg+UBEXdaWP6KYGIKprVzrvNukq52HzS1J7LKal+FobDrgxyYiPVtFpqV+
U5lArx9SKuiVqCoMQIOrFWWkq9EV5ZqYyFbRJRKTokoJYiuRmkM1hy/55aCscl/6
D0I+kXcwix5+VP5CkcndZ+A2mdHchDxw4IyTG6Pc2Rf3rSOHq4oZCrW9sB7TTJ3q
jld9rcNMDcMRBZpZc4U7X+a1q3clJPBTqT8I5ryubQjfcfuBJYstYeE7kyXsbGY=
=fbi4
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Valentin Sundermann
Hey,

>>> There seems to be some HSTS setup blocking access to
>>> http://keys.vsund.de:11371/pks/lookup?op=stats ?
>> Not HSTS but;
HSTS only prevents a "real" browser from viewing it. As of my
understanding, all other client implementations shouldn't have problems
with HSTS on the domain but HTTP traffic at port 11371.
So I'm sure it isn't a problem.

>> 139752133074456:error:140770FC:SSL
>> routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
>
>> (proxy is sending https traffic to http)
>
>> ie no ssl offload.
I'm pretty sure that this is because of my ssl settings (I only accept
TLS 1.2 atm).
But the clients shouldn't have problem with this either, because they
use the plain protocol at port 11371.

> + a rewrite rule to https, (I hadn't visited the url before so HSTS
> wouldn't apply)
There is one at port 80 but not at 11371. If I understood it correctly,
the client implementations expect to have plain traffic at port 11371.
So having a rewrite there would confuse them, I guess.

Best regards,
Valentin Sundermann


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (837 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Danny Horne
In reply to this post by Valentin Sundermann
On 18/11/2016 11:43 pm, Valentin Sundermann wrote:

> Hi,
>> Do you mind me asking how you got those charts on your page?  Tried the
>> Github files linked to at the bottom but they only appear to give me a
>> different key search page.
> Oh, I could have known that this leads to confusion. I copied the HTML
> from the main page to get a consistent look. The GitHub link points to
> Matt Rude's repository for a pretty frontpage for a keyserver's search.
>
> I'm sorry to say, but the code that generates and displays the charts
> isn't anywhere available yet. The PHP behind it, is the most dirtiest
> bit of code I ever wrote...
> I planned to rewrite it in a tidier way and put it somewhere on Github
> but I couldn't find time yet. Probably I'll do in the next 1-2 weeks,
> but no promises here :)
>
> Best regards,
> Valentin Sundermann
>
Ah, it's your own code, if you do make it available on Github I'd like
to try it


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Something broken?

Kristian Fiskerstrand-6
On 11/19/2016 05:18 PM, Danny Horne wrote:

> On 18/11/2016 11:43 pm, Valentin Sundermann wrote:
>> Hi,
>>> Do you mind me asking how you got those charts on your page?  Tried the
>>> Github files linked to at the bottom but they only appear to give me a
>>> different key search page.
>> Oh, I could have known that this leads to confusion. I copied the HTML
>> from the main page to get a consistent look. The GitHub link points to
>> Matt Rude's repository for a pretty frontpage for a keyserver's search.
>>
>> I'm sorry to say, but the code that generates and displays the charts
>> isn't anywhere available yet. The PHP behind it, is the most dirtiest
>> bit of code I ever wrote...
>> I planned to rewrite it in a tidier way and put it somewhere on Github
>> but I couldn't find time yet. Probably I'll do in the next 1-2 weeks,
>> but no promises here :)
>>
>> Best regards,
>> Valentin Sundermann
>>
> Ah, it's your own code, if you do make it available on Github I'd like
> to try it
In the mean time you might be interested in the [munin plugins for sks]
see example [0,1]:

[munin plugins for sks]
https://git.sumptuouscapital.com/?p=munin-sks.git;a=summary

[0]
https://download.sumptuouscapital.com/sks/munin_sks/sks_daily_keys-week.png

[1]
https://download.sumptuouscapital.com/sks/munin_sks/sks_number_keys-week.png

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Qui audet vincit
Who dares wins


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (499 bytes) Download Attachment
12