Textpattern CMS support forum

#1 2019-12-25 14:09:36

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,137

Server migration and refresh, spring 2020

In the spirit of transparency and openness, please consider this a heads-up for a planned Textpattern server migration in spring 2020. This post is background information for curious folks. No action is required.

The rationale behind the decision is primarily an operating system upgrade, along with some fine-tuning of TLS ciphers and other security / performance aspects. All Textpattern properties will continue to work as they do now, with some behind-the-scenes improvements as we go.

The operating system upgrade will take us from Ubuntu 18.04 LTS to Ubuntu 20.04 LTS. The LTS part refers to Long Term Support, which is usually a reliable jump every two years. Many software vendors target their release packages at these LTS versions. I’m not expecting any obvious or glaring changes in the LTS release, especially not anything that can be seen publicly, but if anything relevant changes I will let you know as soon as possible.

The TLS ciphers change is dependent on testing. At the moment, the server cipher list is pegged at version 4.0 of the Mozilla Server Side TLS spec. This gives us a broad coverage on most browsers from the past bunch of years, and 100% coverage on supported versions. I am not aware of any usability issues apart from some prehistoric browsers, but do let me know if you’re struggling with a certain combination of operating system and browser.

I would like to switch to version 5.0 of the TLS spec, but that needs to be properly tested first. It’s a considerable reduction in active ciphers, removing the weak ones. In real terms, this may affect support for exotic browsers on older operating systems. In related real terms, if this does affect real-world use of the sites, we’ll stick to the current TLS setup. I can live with somewhat weak ciphers if that means we have noticeably better support.

Right now, we get an A+ rating for server security (see here for the latest/current results). I am happy with this. As time progresses and weaknesses are found, ciphers listed in those results switch from green (good) to orange (weak). We have to balance the ciphers with the audience, and also keep things performant (and also help me sleep at night).

I’ll spin up a disposable server in late winter / early spring so we can battle test some ciphers and see how it goes with regulars around here. Testers very warmly welcomed.

The change of server will give us a different IPv4 address, a different IPv6 address range and a new hostname (if you’re curious: trumpet.textpattern.com is the current planned name). For email delivery, we’ll use one address from the IPv6 range and I’ll start to warm this up in springtime. I know some people here have email delivery filters and such, so as soon as I know the new IPs, I will update this post.

Any questions, please ask. No action is required right now, and all being well you won’t even know things have moved when they’re done.

Thanks for reading.