| 2 Jun 2025 |
 infinisil | Jeremy Fleischman (jfly): We might need to do some more: https://public.infinisil.com/2025-06-02_21-43.png | 19:44:52 |
| infinisil | (the bottommost error is probably just because there are no background jobs, though the error message sucks if so) | 19:47:01 |
 Jeremy Fleischman (jfly) | ok, good to know!
Nina predicted the modules permissions error in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:58:29 |
| Jeremy Fleischman (jfly) | * ok, good to know!
Nina predicted the modules permissions error(s) in https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1. That's a good reminder that we should try out a module. | 19:59:03 |
| Jeremy Fleischman (jfly) | files https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/2 for the public/storage issue | 20:03:59 |
| Jeremy Fleischman (jfly) | and https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/3 for the .env perms issue | 20:05:59 |
 Arian | Some interesting things I noticed looking at Fastly dashboard:
We have 0 requests using TLS 1.3. They’re all using TLS 1.2. Is this some limitation in the nix codebase in how we setup openssl?
half of the requests are HTTP1.1 and the other half HTTP2. I would expect way more (maybe even all) to be HTTP2. Where is all that HTTP1.1 traffic coming from?
| 20:39:52 |
 hexa (signing key rotation when) | our config does not support tls1.3 | 20:48:04 |
| hexa (signing key rotation when) | it supports 1.1 and 1.2 and all clients use 1.2 | 20:48:11 |
| hexa (signing key rotation when) | at least the last time I checked, which was early januar | 20:48:29 |
| hexa (signing key rotation when) | * at least the last time I checked, which was early january | 20:48:30 |
| hexa (signing key rotation when) | interesting profiles would support h2/h3 with 0rtt, but the offered ones lack ipv6 | 20:49:02 |
| hexa (signing key rotation when) | see https://manage.fastly.com/network/subscriptions | 20:50:51 |
| Arian | having to choose between TLS1.3 and Ipv6 is wild | 20:51:18 |
| hexa (signing key rotation when) | hm, no … that's not it | 20:51:20 |
| hexa (signing key rotation when) | https://manage.fastly.com/network/tls-configurations | 20:51:31 |
| Arian | Okay that’s one mystery down. But why is half our traffic HTTP 1.1? | 20:51:39 |
| hexa (signing key rotation when) | that is surprising to me | 20:52:08 |
| Arian | https://manage.fastly.com/observability/dashboard/system/overview/details/Tb10gX/7mNUQGZO6YxAd2jpokgWxS?mode=historic&view=data | 20:53:15 |
| hexa (signing key rotation when) | oh, I confused h1/h2 with tls11/12 | 20:54:39 |
| hexa (signing key rotation when) | and while we offer tls11/12 all clients use tls12 | 20:54:50 |
| hexa (signing key rotation when) | * oh, I misremembered the numbers for tls11/12 as h1/h2 | 20:55:11 |
| hexa (signing key rotation when) | so one thing we could add is a https record with alpn information | 20:55:34 |
| hexa (signing key rotation when) | and see if that makes a dent, though I would be surprised if it did | 20:55:54 |
