pixelserv-tls v2.1 Scores A in Tests

The release of pixelserv-tls v2.1 is imminent. I set up a special instance in my home lab and put it under the scrutiny of the SSL Labs tests. Test version 2.1.0-rc.2 pleasantly scores an overall A. Quite a few other things from the test report are worth highlighting.

v2.1 brings in TLSv1.0 support to cover the widest range of client devices, for better compatibility in many different environments. This is in addition to TLSv1.2, which has been supported since the initial release and is the most commonly used version of TLS. Combined, they result in this long list of supported clients, proven to work in the tests.

pixelserv-tls cherry-picks ciphers with care to minimise computation on both clients and servers, leaving CPU cycles free for fast responses. Yet the ciphers should still exceed the minimum mandatory requirements of modern browsers. This gives v2.1 a healthy sub-score of 80% in Cipher Strength, which places it one extra mile from obsolescence.

More protocol details from the tests may be of interest to geeks. There are zero red alerts and, on the other hand, a few greens. Note that v2.1 does support both flavours of SSL session resumption: caching and tickets in SSL Labs terminology. The tests are not able to detect the presence of the older flavour.

Session resumption is aka SSL caching in v2.1. Users can see it in action through the new scX and ssX counters on the servstats page. Google Chrome supports both, and the newer flavour (session tickets) takes precedence. Safari (as of early 2018) supports only the old flavour.
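Since the SSL Labs tests cannot see the older flavour, it can be checked from a client instead. The script below is an added example, not part of pixelserv-tls: it summarises the output of `openssl s_client -reconnect`, where adding `-no_ticket` isolates session-ID caching. The function name, the sample transcripts (constructed and abbreviated, TLSv1.2 assumed) and the `HOST` placeholder are assumptions.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client -reconnect` output read on stdin.
# s_client prints "New, ..." after a full handshake and "Reused, ..." after a
# resumed one; a session block with "TLS session ticket:" means a ticket was issued.
resumption_summary() {
    awk '
        /^New, /              { full++ }
        /^Reused, /           { resumed++ }
        /TLS session ticket:/ { ticket = 1 }
        END {
            if (full + resumed == 0) { print "no-handshake"; exit }
            kind = ticket ? "ticket" : "session-id"
            if (resumed == 0) kind = "none"
            printf "%s resumed=%d full=%d\n", kind, resumed, full
        }'
}

# Constructed, abbreviated sample of a run with -no_ticket (not real server output).
sample_no_ticket() {
cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: <constructed>
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# Constructed sample of a run with tickets allowed (the s_client default).
sample_ticket() {
cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
EOF
}

sample_no_ticket | resumption_summary   # session-id resumed=2 full=1
sample_ticket    | resumption_summary   # ticket resumed=1 full=1
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -reconnect -no_ticket </dev/null 2>/dev/null | resumption_summary
```

A result of `none` on the `-no_ticket` run means every reconnect paid for a full handshake, so the session cache is not being hit for that client.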

In the SSL Labs tests, v2.1 perhaps scores higher than many production servers on the Internet. For adblocking, an A is a bit excessive... but why not? :)


Stephen Yip
