Page 1 of 2
Other SSL?
Posted: July 7th, 2009, 1:31 am
by postduif
Hi,
They've been releasing new internet subscriptions ranging from 30/3Mbit/s to 120/10Mbit/s.
As you can see, the speeds are quite high.
Usually normal (not tech) people don't notice traffic shaping.
Because of the speed increase however, even normal people have started to notice something's wrong.
But with Newsleecher 4.0 beta's SSL traffic runs not with SSLv3.
Re: Support for SSLv2
Posted: July 7th, 2009, 1:52 am
by switch
It is my understanding that the server chooses which SSL protocol it wants to use for communication. We connect using the SSLv23_METHOD which supports SSLv2, SSLv3, and TLSv1 communication.
If there is the ability to choose to use SSLv2 I will look into it, however I am very surprised they are shaping all SSL traffic.
SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.
Re: Support for SSLv2
Posted: July 7th, 2009, 2:45 am
by postduif
switch wrote:
It is my understanding that the server chooses which SSL protocol it wants to use for communication. We connect using the SSLv23_METHOD which supports SSLv2, SSLv3, and TLSv1 communication.
If there is the ability to choose to use SSLv2 I will look into it, however I am very surprised they are shaping all SSL traffic.
SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
A TLS/SSL connection established with these methods will understand the SSLv2, SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages and will indicate that it also understands SSLv3 and TLSv1. A server will understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best choice when compatibility is a concern.
Well, I've tried different usenet providers (astraweb, and dutch providers eweka and xsnews) but there's always an v3 connection. When I use Newsleecher v4 beta's on my windows machine, or Newsbin, which has a v2/v3 switch there's no shaping.
Is there a config file in sabnzbd to change the v2/v3 setting?
I'm using SABnzbd on MAC OS X primary.
Re: Support for SSLv2
Posted: July 7th, 2009, 5:53 am
by rAf
Maybe a dumb question but have you tried to connect using other ports like 443 ?
Re: Support for SSLv2
Posted: July 7th, 2009, 6:14 am
by rAf
maybe some ISP have started to shape traffic from knows usenet servers ip...
Re: Support for SSLv2
Posted: July 7th, 2009, 8:05 am
by postduif
rAf wrote:
Maybe a dumb question but have you tried to connect using other ports like 443 ?
Yes I have. Port 563 and 443 are shaped. Most usenet providers use these ports for SSL.
The ISP shapes when there's a combination of data with a v3 header and these ports. When I use another port (there's one USP who provides access at port 564) the speed is good.
Re: Support for SSLv2
Posted: July 7th, 2009, 9:04 am
by rAf
What version of SABnzbd are you using ?
Re: Support for SSLv2
Posted: July 7th, 2009, 10:18 am
by postduif
rAf wrote:
What version of SABnzbd are you using ?
Latest, 0.4.11
Re: Support for SSLv2
Posted: July 7th, 2009, 11:50 am
by rAf
Here a link with a customized version with SSLV2 connection instead of SSLV23.
http://osx.boiboite.net/downloads/SABnzbdSSLV2.zip
Could you try it and tell us if you see a change ?
Re: Support for SSLv2
Posted: July 7th, 2009, 1:41 pm
by postduif
YES Great!!
Thanks so much!
Re: Support for SSLv2
Posted: July 7th, 2009, 2:15 pm
by shypike
postduif wrote:
YES Great!!
Thanks so much!
Good for you, but I feel another server option coming :(
EDIT: or maybe just a overall option, because it's ISP-specific and not Usenet-server specific...
Re: Support for SSLv2
Posted: July 7th, 2009, 2:20 pm
by switch
Unless one of their servers do not support SSLv2...fringe case however; probably best as a general option, I'll add it for 0.5.
Re: Support for SSLv2
Posted: July 7th, 2009, 6:38 pm
by rAf
postduif wrote:
YES Great!!
Thanks so much!
Have you tested it ?
Re: Support for SSLv2
Posted: July 8th, 2009, 1:25 am
by postduif
rAf wrote:
postduif wrote:
YES Great!!
Thanks so much!
Have you tested it ?
Yes, speed is great now. At the same time, with the normal sabnzbd the speed is shaped by my ISP.
Re: Other SSL?
Posted: July 18th, 2009, 11:31 am
by lg4me
I really would like to use the sslv2 version, but I'm a windows user.
Can you release a modified windows version too?