Slow API calls after turning off sslV3 on server - paypal

First, I'm way over my head as I know just about nothing about managing a server, even less a server's security settings (I have been externally hosted for 20 years!).
My shared environment host (Newtek) has recently turned off sslV3, (I understand is a good thing -see poodle bug), but since then, some API calls that are being made are slow and some are not.
All API calls to UPS, CanadaPost and Paypal are slow (average of 20 sec per call ) while all calls to FB or Google map are fast (1 sec. per call).
All API calls use HTTPS.
My question to you is either:
-Does anybody have some clues has to what is going on? And if not, does anybody have any suggestions as to how to find out what is going on? Basically where and how to even look for the source of trouble!?! (As I don't know enough about what is going on behind the scene for any part of these connections to troubleshoot.)
A few notes:
After my host investigated various things, they have ruled out xmlParser as the cause,since the slowness can be observed even on dumping the cfhttp.filecontent.
My host installed a new version of my domain ssl which now uses SHA256.
My host server is running CF10 on IIS 7
I can't reproduce this on my local development server and of course don't have full access to the live server.
There is no CF error to report. Only very slow connection.
Thank you for any help you can provide!

Related

Using VPS to create VPN and using the local Ip address to send (Secure) a get/websocket request

So I have a VPS (Cent Os 7) and using openvpn I created VPN having an address of 10.0.8.1 now on my front end I connected to VPN using openvpn after connecting I get access to websocket on 10.0.8.1 but its not secure I want access to wss on the same address. I have also tried using a secure domain name to connect but it still fails I can only connect it with either http or ws and not with https or wss
This is very trivial as far as a question but all in all, without telling you how to perform anything in details - the question is WWAAAYYY too broad to even consider answering without unevitably creating more questions than solving a problem or helping you.
You need to add cryptography to your websocket server, same as a web server is able to run in HTTPS mode rather than unencrypted. I'm sure you can see the similarity between both abreviations of the respective protocols and how they are different from their original, unencrypted/vulnerable default configuration.
http -> https
ws -> wss
Start reading on adding a SSL certificate to your websocket server config and then you will have a WSS connection - if all goes well of course!
I believe in you
p.s. - this is not the type of question that is very well received by the majority of the community. It is too broad to be of any interrest to anyone.A complete, well-built, comprehensive answer isn't something that fits within the boudaries of most community members as there is WAY too many variables and unknowns here. Anything will most likely create more questions (of this quality) than help you or anyone else. You lack basic knowledge in order to construct a question that doesn't sound anything other than 'i need a full tutorial'. Community doesn't provide tutorials, custom solutions or anything that resssembles a full product/service. We rather help solve smaller, more precise and clear issues that pop up day to day in the field. Generally, when someone "talks the talk", it implies that the bases are covered and an issue arose. For now, you must learn to "walk the walk" i suppose.
Everyone wore the same shoes at some point or another and good memory comes from remembering such stuff from when we started playing with the wall socket angry pixies!
Cheers!

Make server inaccessible to anything but REST requests

Is there a way to make a machine that is connected to the internet unreachable by any means except REST requests? For background as to my quetion:
I have a really nice REST server/client project, with encrypted communication, in which the weak spot in the encryption technique is the code. Without seeing the code it is impossible to break the encryption, but if you see the code it is probably possible to figure out how to decrypt intercepted communication.
Due to this, I would like the server code at least to be as well protected as possible. Is there a way to make a machine that is connected to the internet unreachable by any means except REST requests to stop any hope of an attacker gaining access to the code or data that the server is serving up? I'm open to the idea of a bare metal solution if that would make for the safest system, the server's only job really will be just to server information requested via REST requests and nothing else.
(I'm aware this will still leave the client code as a weak spot, but I'm taking this one step at a time. Protecting the client code is presumably going to be a much bigger problem and probably impossible as I intend to eventually distribute the client executables).

Server for iPhone; continuous connection

Ok lets say I want to create a connection between my iPhone app and my server (i'd like to try and use GoDaddy servers for this) to server real time location data to users.
I've seen plenty of good stuff online about using sockets, streams, ASIHttpmessage, CFHTTPMessageRef, etc., but what I'm unclear about is how to set up a server that continuously servers real time data to users (I believe you'd need a stream of data going to the user for this, not just a single http request and response). How does one take a host like GoDaddy and run server code on it. I know you can set up a server like this using terminal, but I don't have access to command line or the ability to run this "server program" from my web host as far as I know. Is there software I can download on my cpanel for this? Do I need a virtual private server and different hosting via GoDaddy maybe?
Does anyone know how I can do this or if my understanding of this whole thing is wrong. Please keep in mind I need this real time (or close to). Please, educate me. I really just need a better understanding of how this works.

Loopback.io backup server and server to server replication

I am thinking of adopting Loopback.io to create a REST API. I may need the following approach: an inTERnet server (run by me) to which clients connect, plus a fallback inTRAnet server to which clients connect only in case the internet connection is down. This secondary fallback server should then replicate data on the main server when the internet connection is up and running again. As clients are on the same inTRAnet they should be able to switch automatically to the fallback server. Is this possible as an idea and if so, what do you recommend i start digging into?
Thank you all!
Matteo
Simon from my other account. I believe what you want is possible as you can use whatever client side technology you want with LoopBack. As for easy solutions, I'm not familiar enough with Cordova to give any insight there.
It is definitely possible, but I suggest going through the getting started tutorial first. You'd probably create two application servers and have another proxy in front to route the requests to server a or b based a heartbeat from the main server. You would have to code all the logic and set up the infrastructure yourself though.

simulate server load with BSD sockets

I'm using blocking TCP sockets in C and I want to simulate a high load on the server when there are many simultaneous connections and then I want to measure the time necessary to access the server via a browser during this high load time (the server understands HTTP headers).
Also each client request ends fast (sends a HTTP header - gets text).
How do I do this (without crashing my local machine -> I tried using fork to make many clients; also, I have a virtual machine too).
If anyone has an idea or some general directions about how to do this, it would mean a lot.
Edit: I need to run this with my own client, which uses a modified version of the OpenSSL library to connect to my SSL/TLS server, so I can't use external test tools.
I want to know how to build the client and the server. I don't know too much about other sockets than the blocking ones, I'm just skimming through the UNIX Network Programming book of Richard Stevens, but I was wondering if anyone could point out the exact solution.
Thank you !
The easiest resolution to this would be to download an existing stress testing framework such as fwptt ( http://fwptt.sourceforge.net/ ).
If you want to implemennt your own stress testing framework, I'd suggest you lose the blocking nature of your code and go with a parallel design that will scale beautifully. The limiting factor is pretty much your CPU then.
Having two physical servers would be ideal, so that then your stress test isn't affecting the CPU (and therefore the response times) of the server. Also that VM of yours drains up precious CPU time.