07 May 2015, Konstantin Olchanski, Info, midas.triumf.ca https ssl certificate update
|
The SSL certificate for https://midas.triumf.ca has been re-signed with SHA256 to fix the complaint from google-chrome about SHA1-signed certificate -
SHA1 signatures are now considered to be insufficiently secure, have to be replaced by SHA256.
|
22 May 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
I updated the mhttpd HTTPS/SSL server (mongoose) and https://www.ssllabs.com/ssltest/index.html is
now more or less happy with it. google chrome connects using "modern cryptography".
|
07 Jul 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
> mhttpd uses the latest release of mongoose 4.2 which is no longer supported by
> author. Latest version of mongoose is 5.x which has a severely improved API, but removed automatic
> multithreading.
|
15 Jul 2015, Konstantin Olchanski, Info, mlogger improvements
|
A set of improvements to mlogger is in:
a) event buffer (SYSTEM) size up to 2GB
|
15 Jul 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
> > mhttpd uses the latest release of mongoose 4.2
mhttpd is now explicitly linked with OpenSSL to provide secure https connections via the mongoose web server.
|
15 Jul 2015, Konstantin Olchanski, Info, ROOT support in flux
|
ROOT support in MIDAS is being reworked:
a) ROOT support moved from midas.h to rmidas.h
|
22 Jul 2015, Konstantin Olchanski, Info, ROOT support in flux
|
> ROOT support in MIDAS is being reworked:
>
> c) Makefile inconsistency between use of ROOTSYS and use of root-config has been identified,
|
22 Jul 2015, Konstantin Olchanski, Info, ROOT support in flux
|
> > ROOT support in MIDAS is being reworked:
> >
> > c) Makefile inconsistency between use of ROOTSYS and use of root-config has been identified,
|
23 Jul 2015, Konstantin Olchanski, Info, rootana lz4 support, mlogger improvements
|
> A set of improvements to mlogger is in:
> b) test version of LZ4 high speed compression, support for bzip2 and pbzip2
|
23 Jul 2015, Konstantin Olchanski, Info, mlogger improvements
|
> A set of improvements to mlogger is in:
> The current test version implements the following selections of "compression":
>
|
24 Jul 2015, Konstantin Olchanski, Info, MAX_EVENT_SIZE removed
|
The define for MAX_EVENT_SIZE was removed from midas.h.
Replacing it is DEFAULT_MAX_EVENT_SIZE set to 4 MiBytes and DEFAULT_BUFFER_SIZE
|
24 Jul 2015, Konstantin Olchanski, Info, Plans for improving midas network security
|
There are a number of problems with network security in midas (as separate from web/http/https security).
1) too many network sockets are unnecessarily bound to the external network interface instead of localhost (UDP ports are already bound to localhost on
|
24 Jul 2015, Konstantin Olchanski, Info, Plans for improving midas network security
|
There are a number of problems with network security in midas (as separate from
web/http/https security).
|
28 Jul 2015, Konstantin Olchanski, Info, Plans for improving midas network security
|
New git branch "feature/rpcsecurity" implements these security features:
- all UDP ports are bound to the localhost interface - connections from outside are not possible
|
29 Jul 2015, Konstantin Olchanski, Info, mlogger improvements - CRC32C, SHA-2
|
> A set of improvements to mlogger is in:
Preliminary support for CRC32-zlib, CRC32C, SHA-256 and SHA-512 is in. Checksums are computed correctly, but plumbing configuration is
|
29 Jul 2015, Konstantin Olchanski, Info, ROOT support in flux
|
The preliminary version of the .bashrc blurb looks like this
(a couple of flaws:
1) identification of CentOS7 is incomplete - please send me a patch
|
12 Aug 2015, Konstantin Olchanski, Info, Merged - improved midas network security
|
> New git branch "feature/rpcsecurity" implements these security features:
Branch was merged into main midas with a few minor changes:
|
12 Aug 2015, Konstantin Olchanski, Info, mhttpd HTTPS/SSL server updated
|
> > > mhttpd uses the latest release of mongoose 4.2
HTTPS support is completely broken in mongoose.c between July 28th (1bc9d8eae48f51ceb73ffd918046cfe74d286909)
|
14 Aug 2015, Stefan Ritt, Info, Merged - improved midas network security
|
I tested the new scheme and am quite happy with it. Just a minor thing. When I change the ACL, I get messages from all attached programs, like:
[local:Online:S]RPC hosts>set "Allowed hosts[1]" "host.psi.ch"
|
14 Aug 2015, Konstantin Olchanski, Info, Merged - improved midas network security
|
> [local:Online:S]RPC hosts>set "Allowed hosts[1]" "host.psi.ch"
> [ODBEdit,INFO] Reloading RPC hosts access control list via hotlink callback
|