Connecting to an HTTP/2-enabled webserver using Firefox

Even though this website [and the other sites hosted on this server] isn't very sensitive, I try to maintain the highest possible security by using up-to-date and secure software, as well as strong ciphers for the connection. After all, it's nobodys business what you read here, but yours.

I also try to use new technology whenever possible, so it makes sense, that I offer HTTP/2 connections.

Unfortunately, it turns out that combining the two isn't always as easy as it should be. My nginx cipher suite is configured as follows:

ssl_ciphers ECDH+AESGCM:ECDH+AES256:!AES128:!DH:!RSA:!3DES:!aNULL:!MD5:!DSS;

This is generally considered close to ideal security [let me know if you disagree], so I figured it should work with HTTP/2 - which emphasizes security greatly - without any problems.

The issue

Unfortunately, I was wrong. After enabling HTTP/2 in nginx, Firefox fails to connect to the server. Even worse, it did not display an error message, log an error to the console, or show any issue in the network debugger.

It turns out, that I missed, that the HTTP/2 standard has a hard requirement on AES-128 support, specifically TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. Apparently firefox ...

read more

Other articles

Addon-Signing - and why Mozilla is doing it wrong.

Do 19 Februar 2015
By Thomas Gstaedtner
Category: other , Tags: firefox

While it seems to have been in development for a while, it only recently got public coverage: Mozilla is planning to introduce addon-signing in firefox. First of all: I welcome that.

However, as beneficial signed addons can be, mozilla is still doing it wrong, and I'll elaborate on how so, and why.

What does it mean?

The idea behind signing addons is, that a trusted party can verify that the addon is what it claims to be, and - in a stretch - does not misbehave. For this, the addon is signed with a cryptographic key that cannot be faked and the person/organization who does the signing guarantees for the addon with their name. This certainly isn't a new concept, it is very sound and used in many places. For example: windows device drivers are signed by Microsoft, Linux kernel source releases are signed by Linus Torvalds, debian packages are signed by debian developers, and so on.

How does it work in firefox?

If signed addons are introduced in firefox, it means, that addons need to be signed so firefox will load them. I have not looked in detail on how mozilla will do that, but the easiest way ...

read more

Finding serial interfaces for beginners
So 04 Januar 2015
By Thomas Gstaedtner
Category: tricks , Tags: other
What I'm describing here probably isn't news for a lot of people, but I think some might find it useful anyway. If you're tinkering with any embedded device and don't really know how to get started, it always makes sense to look for a UART interface where you might be able to get a console interface to the device.

But how to find it? Turns out this is usually really easy!

Needed:
- Device
- Multimeter with 2 probes
How?

Usually the UART interfaces are extremely simple and operate at 3.3 V. Basically you need only 3 contact points on the board for a full console.
- TxD: This is where the board sends data
- RxD: This is where it receives
- GND: Just a grounded connection
Usually the boards have a connector or some pads with 4-8 connections, best look for a connector with 4 Pins first. Additionally this will include a VCC connection, this is a connection directly to the boards power. Usually this will be 3.3 V and you should find this pin, but not touch it (as we don't need it).
1. Set your multimeter to continuity testing (or if not available to low ...
read more

Cross Bike -> Mountain Bike

Fr 29 August 2014
By Thomas Gstaedtner
Category: bike , Tags: bike

Four years ago, I decided to buy a new bicycle. After having had only relatively cheap mountain bikes (which cool kids needed back then :P), and using it only for regular day to day driving, usually on roads and some unpaved dirt roads, I figured something more street oriented would be more useful. So I got a cross bike, to have the best of both worlds.

Lately, I found myself riding more and more beyond roads, around the local chines and forest trails, and my crosser really got to its limits (and I over the handlebar more than wanted :). So a mountain bike made more and more sense to me. Still, I really like my current bike and it held up really well over the past years, even tough I took it to much harsher terrain than it was made for - and I really couldn't get myself to buy yet another bike.

The solution was obvious: get a pair of MTB tires.

After looking into it, I realized that it wasn't that easy. While there are MTB tires for my 622 mm rims, they are really narrow in profile, and neither the rims nor the frame could support ...

read more

Releasing etvdb
Di 06 Mai 2014
By Thomas Gstaedtner
Category: projects , Tags: projects enlightenment gentoo
After having used it for quite a while, I feel it is time to announce the release of etvdb.

etvdb libary

etvdb is a high-level C library frontend to The TVDB. It is based on Eina and Ecore of the Enlightenment Foundation Libraries and easy to use in EFL apps, but can just as easily be used in other programs. It does not depend on a mainloop. Additionally it uses libcurl, so the dependencies are quite small.

The current release is version 0.3.0 and you can get it from my Github Repo. The API documentation is available on my site.

Right now it only has a synchronous API, but I do plan to add a asynchronous one at some point in the future. This means, that you'll have to run it in a thread for interactive applications for now.

etvdb command line tool

In addition to the library, there is etvdb_cli, which is basically a command line frontend to The TVDB based on etvdb. It has currently 3 basic usage modes:
- CSV-like output
  
  In this mode you can get a CSV-like output that you can write to a file. This is the default mode.
- query mode
  
  In ...
read more

Page 1 / 5 »