/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

Beta Branch add download_cmd function to check for ECDSA SSL based HTTPS download…

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 5, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Oct 5, 2016 #1
    eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,176
    Local Time:
    11:31 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    add download_cmd function to check for ECDSA SSL based HTTPS download links in 123.09beta01

    Centmin Mod tries to speed up downloads via multi-threaded axel download accelerator instead of single threaded wget. However, axel doesn't support HTTPS based download links which use ECC 256bit SSL ECDSA ssl ciphers due to CentOS system OpenSSL 1.0.1e not supporting them. Only OpenSSL 1.0.2+ supports them. However, compiling time for OpenSSL 1.0.2 would outweight the speed benefits of axel vs wget. This problem was discovered in Install - Installation stuck at Download libressl-2.4.3.tar.gz ... | Page 2 | Centmin Mod Community

    The workaround for 123.09beta01 and higher is to wrap the download routines in a download_cmd function which checks the download link's verbose curl'd headers for existence of ECDSA connections. ECDSA will be most common for Cloudflare HTTPS free Universal SSL served HTTPS sites but not limited to just Cloudflare. When the curl'd headers find ECDSA connections, the download_cmd function rewrites and redefines the download client via DOWNLOADAPP variable to switch from axel back to wget.

    The workaround is needed as in future more sites will use Cloudflare free SSL, which means greater possibility that 3rd party download links that Centmin Mod relies on will be served via ECDSA based connections of which axel doesn't support. CentOS 7.4 is the slated version for native system OpenSSL 1.0.2+ at which time axel will be compiled against OpenSSL 1.0.2+ system version and thus support ECDSA connections hopefully.

    Continue reading...

    123.09beta01 branch
     
    Last edited: Oct 5, 2016
  2. Oct 5, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    35,992
    7,896
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,176
    Local Time:
    11:31 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    example of axel download error when trying to download from a HTTPS site with ECDSA based ssl certificates i.e. Cloudflare
    Code (Text):
    axel https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
Initializing download: https://centmin.sh/centminmodparts/ccache/ccache-3.3.2.tar.gz
SSL error: tlsv1 alert internal error
     
Previous Thread Next Thread
Loading...
..

.