Other SSL?

[postduif]

Hi,


They've been releasing new internet subscriptions ranging from 30/3Mbit/s to 120/10Mbit/s.
As you can see, the speeds are quite high.
Usually normal (not tech) people don't notice traffic shaping.
Because of the speed increase however, even normal people have started to notice something's wrong.

But with Newsleecher 4.0 beta's SSL traffic runs not with SSLv3.

[switch]

It is my understanding that the server chooses which SSL protocol it wants to use for communication. We connect using the SSLv23_METHOD which supports SSLv2, SSLv3, and TLSv1 communication.

If there is the ability to choose to use SSLv2 I will look into it, however I am very surprised they are shaping all SSL traffic.

SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

    A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.

[postduif]

It is my understanding that the server chooses which SSL protocol it wants to use for communication. We connect using the SSLv23_METHOD which supports SSLv2, SSLv3, and TLSv1 communication.

If there is the ability to choose to use SSLv2 I will look into it, however I am very surprised they are shaping all SSL traffic.

SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)

   A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.

Well, I've tried different usenet providers (astraweb, and dutch providers eweka and xsnews) but there's always an v3 connection. When I use Newsleecher v4 beta's on my windows machine, or Newsbin, which has a v2/v3 switch there's no shaping.
Is there a config file in sabnzbd to change the v2/v3 setting?

I'm using SABnzbd on MAC OS X primary.

[rAf]

Maybe a dumb question but have you tried to connect using other ports like 443 ?

[rAf]

maybe some ISP have started to shape traffic from knows usenet servers ip...

[postduif]

Maybe a dumb question but have you tried to connect using other ports like 443 ?

Yes I have. Port 563 and 443 are shaped. Most usenet providers use these ports for SSL.
The ISP shapes when there's a combination of data with a v3 header and these ports. When I use another port (there's one USP who provides access at port 564) the speed is good.

[rAf]

What version of SABnzbd are you using ?

[postduif]

What version of SABnzbd are you using ?

Latest, 0.4.11

[rAf]

Here a link with a customized version with SSLV2 connection instead of SSLV23.

http://osx.boiboite.net/downloads/SABnzbdSSLV2.zip

Could you try it and tell us if you see a change ?

[postduif]

Here a link with a customized version with SSLV2 connection instead of SSLV23.

http://osx.boiboite.net/downloads/SABnzbdSSLV2.zip

Could you try it and tell us if you see a change ?

YES Great!!
Thanks so much!

[shypike]

YES Great!!
Thanks so much!

Good for you, but I feel another server option coming  :(

EDIT: or maybe just a overall option, because it's ISP-specific and not Usenet-server specific...

[switch]

Unless one of their servers do not support SSLv2...fringe case however; probably best as a general option, I'll add it for 0.5.

[rAf]

YES Great!!
Thanks so much!

Have you tested it ?

[postduif]

YES Great!!
Thanks so much!

Have you tested it ?

Yes, speed is great now. At the same time, with the normal sabnzbd the speed is shaped by my ISP.

[lg4me]

I really would like to use the sslv2 version, but I'm a windows user.

Can you release a modified windows version too?