Jump to content

Sean

Sophist Member
  • Content count

    204
  • Joined

  • Last visited

  • Speed Test

    My Results
  • Days Won

    54

Reputation Activity

  1. Like
    Sean reacted to CA3LE in Kilobytes and Kilobits Abbreviation Conventions   
    Hi swantesty,
     

     
    I'm using the correct conversions, please see https://testmy.net/understand-bandwidth.
     
    In your details you can see next to the result in Mbps is also the result in MB/s.
     

     
    You may not be getting the same results as other tests because TestMy.net is not the other speed tests.  Other speed tests draw resources in multiple streams.  Although TestMy.net can test that way (enable the multithread speed test and test again as you normally do, keep in mind it remembers the setting next time) it does not work this way by default.  As a community we found right away that the multithread testing method that everyone uses often masks issues.  You can achieve higher results in multithread even if you have an issue affecting your bandwidth.  You should instead be tuning single thread performance, if that performs at it's full potential the multithread results will always fall in line.
     
    Multithread speed test results favor the ISP.  They'd rather you had 10 pipes at 10 Mbps than to draw that all down one pipe.  In that example you will appear to have 100 Mbps when you aggregate the result into one but in TMN's eyes... you have 10 Mbps.  TMN isn't here to make it easy, it's here to help you improve.  It will only call it how it sees it.
     
    I've seen it on my own connection and my own mother has seen it on hers.  Both times (separate instances) we knew we had an issue at the time so we went out and used a bunch of other speed tests to compare what members had been telling us for years.  speedtest.net and others reported 10X higher result when we had modem issues that were physically limiting the single thread performance.  If we had only used the other tests we could have thought, "well it must just be the websites I'm visiting."   --- The only test that gave indication to the issue was TestMy.net.  Modems were swapped and both times and instantly performance returned on TMN results.  Re-testing other speed tests had pretty much the same results as before so again, no indication.  We had many other factors that were tested outside of speed tests to prove the performance was in line with what TMN was reporting.  That was probably over 7 years ago, the same is true now.  The methodology here is the same as it has been since TMN's inception in 2001.
  2. Like
    Sean got a reaction from CA3LE in TCP Optimizer (program) results in no improvement   
    Going by that Downstream rate, your modem appears to be facing a lot of noise or attenuation on the line.
     
    Check the downstream attenuation and noise margin (or S/N) figrues. 
     
    If the S/N value is higher than 6dB, try rebooting the modem and see if the Downstream figure increases.  If the S/N figure remains quite high such as over 12dB, then the Internet service provider is likely restricting your maximum speed.  For example, on my DSL line, the maximum I can get is 5120Kbps as that is what the ISP deems is the maximum my line can support.
     
    If the downstream attenuation figure is very high such as over 50dB (and you're not 2+ miles from the exchange), try another phone lead between your modem and the socket and check if the figure improves after the DSL syncs again.  If the figure does not improve, then there is likely some other fault with the line such as degradation, water ingress, corroded contacts (including at the exchange end), etc.  If you have a DSL filter/splitter, try removing it.
  3. Like
    Sean reacted to mudmanc4 in testmy.net perfection   
    Let this sink in for a moment.
     

     
    Now have a look at setting in squid locally:
     

  4. Like
    Sean got a reaction from AlmightyBeanz93 in Net Neutrality and throttling of testmy.net by ISP   
    If ISPs decide to throttle traffic, they would need to do this all services to be effective, in which case it would probably be easier for them to charge by maximum speed like many ISPs did in the post, e.g. one price for 10Mbps, a higher price for 50Mbps and so on.  Otherwise, it would be relatively straight forward to overcome with the use of a VPN.  Let's say an ISP prioritises port 8080 to deliver fast speed tests while throttling everything else, just use something like OpenVPN over port 8080 with a VPN privacy service.  To the ISP, all your traffic would be seen and treated as speed test traffic.
     
    For example, about two years ago the Irish cellular networks Three and Vodafone were doing something similar, i.e. throttling most traffic over the standard web ports (e.g. HTTP port 80), while letting port 8080 run at full speed to deliver fast speed tests, at least with the well-known Ookla Speedtest App.  At the time, it meant one could get 4G speed tests over 20Mbps, yet faced slow browsing speeds similar to a 1Mbps connection.  All I had to do was make a VPN connection over port 8080 (same port # as Ookla uses for its speed tests) and everything performed a heck of a lot better.  A few months later, Three changed their tactic by prioritising certain services such as YouTube when the network is congested.  This means YouTube can potentially play 4K fine even when the speed tests (including Ookla) deliver low test result figures. 
  5. Thanks
    Sean reacted to CA3LE in Add Cloudflare as a Multithread test server   
    I'm not really sure why it was disabled, it used to be an option.     I think there was an issue with it at some point, it was disabled and just never re-enabled.
     
    You can select cloud.testmy.net from the multithread selection now.
     

     
    Let me know how it works for you.  Thanks for pointing that out too.
  6. Thanks
    Sean reacted to CA3LE in Multithread mode test [STOP] and Express upload buttons are broken   
    Thank you Sean, all of those issues should be resolved now. 
  7. Thanks
    Sean got a reaction from CA3LE in Multithread mode test [STOP] and Express upload buttons are broken   
    When a multithread test is in progress, the [STOP] button does not work properly, bringing up a 'Secure Connection Failed' error screen.  When I hover my mouse over the [STOP] button...

    ... the address shown in the status bar has a ':80' after the domain name:

     
    It affects the mobile website also, again bringing up an error screen when I touch [STOP], with the ':80' clearly in the URL it tried loading:

     
    This issue also affects the upload test on the mobile website when Multithread mode is enabled (left image).  The Express upload test also fails with Multithread mode enabled (right image):

  8. Like
    Sean reacted to CA3LE in Isn't HOSTSTATS likely to be badly skewed, by definition?   
    The same logic where more people are likely to post negative reviews than positive ones.  You're probably right, to a degree.  I think there are also plenty of people who test here on sunny days.  If that is true, it's true across the board with all providers.  They're all being judged using the same method.  In my experience, the better providers always perform better and rank higher here.  Is any of this perfect, no.  Will it ever be perfect, no.  Will I try, definitely.
     
    After TMN's recent full switch to https (SSL) settles in with the search engines I have an upgrade to the host stats pages you mention.  It aggregates a much broader range and I think it better represents the highlighted ISP, city or country's speed because it won't just be showing you the logs like it does today.  It will unlock a huge amount of information that TMN has been calculating and storing in private databases for a very long time now.    So look for that tool to become higher resolution in the near future.
  9. Like
    Sean got a reaction from AlmightyBeanz93 in Net Neutrality and throttling of testmy.net by ISP   
    If ISPs decide to throttle traffic, they would need to do this all services to be effective, in which case it would probably be easier for them to charge by maximum speed like many ISPs did in the post, e.g. one price for 10Mbps, a higher price for 50Mbps and so on.  Otherwise, it would be relatively straight forward to overcome with the use of a VPN.  Let's say an ISP prioritises port 8080 to deliver fast speed tests while throttling everything else, just use something like OpenVPN over port 8080 with a VPN privacy service.  To the ISP, all your traffic would be seen and treated as speed test traffic.
     
    For example, about two years ago the Irish cellular networks Three and Vodafone were doing something similar, i.e. throttling most traffic over the standard web ports (e.g. HTTP port 80), while letting port 8080 run at full speed to deliver fast speed tests, at least with the well-known Ookla Speedtest App.  At the time, it meant one could get 4G speed tests over 20Mbps, yet faced slow browsing speeds similar to a 1Mbps connection.  All I had to do was make a VPN connection over port 8080 (same port # as Ookla uses for its speed tests) and everything performed a heck of a lot better.  A few months later, Three changed their tactic by prioritising certain services such as YouTube when the network is congested.  This means YouTube can potentially play 4K fine even when the speed tests (including Ookla) deliver low test result figures. 
  10. Like
    Sean got a reaction from mudmanc4 in cleaning a pc with air compressor   
    As ridiculous as it sounds, most computer components such as the motherboard, PSU and certain expansion cards can survive a full dishwasher cycle.  Obviously that's not how I recommend cleaning a PC.
     
    The following 8-year old video is an example.  The internals were covered in cigarette smoke residue, so he decided to dismantle the components and put them through the dish washer, with the exception of the case, battery and the hard disk. 
     
     
    I also enjoy watching videos on old hardware such as restoration videos.  I have come ones where such hobbyists put components through a dishwasher cycle to clean extensive debris build-up from being left for 10+ years in storage such as a dusty shed.
     
    As long as no moisture remains when the PC is powered up, it should be fine.  I generally clean my PC with an air duster, which is basically an aerosol can filled with propellant gas.  Here in Ireland, humidity is usually on the high side, e.g. I run a dehumidifier to keep the indoor level below 60%.
     
    The only component I may wash is the keyboard.  I have a Corsair Cherry Red Mechanical keyboard that I accidentally knocked a glass of cider on.  I immediately unplugged it, tried wiping off what I could and let it dry.  Once dry, many of the letters were sticking.  When I started removing the keys to try cleaning below, I realised the mechanical switches were jamming.
     
    With what appeared to be a ruined keyboard that I only purchased a few months before the incident, I figured I'll try giving it a bath as we don't have a dishwasher.  I partially filled a wide container with water from our dehumidifier (since it's effectively distilled), soaked the keyboard and pushed each key multiples times to force water through the switches.  I left it to dry for about a week.  It's fully functional again, all keys work and no sticking or other issue since. 
  11. Thanks
    Sean reacted to CA3LE in Here we go again. No detected provider.   
    I'll implement IPv6 GeoIP, it's in beta now.  Thank you Sean!
     
    Sorry for taking so long to respond, we just had a baby. 
  12. Thanks
    Sean got a reaction from CA3LE in Here we go again. No detected provider.   
    I have now tested this on an Eir 150Mbps FTTH connection which provides full IPv6 routing and get it looks like this issue is indeed IPv6 related:
     

  13. Thanks
    Sean got a reaction from CA3LE in Here we go again. No detected provider.   
    I am now able to replicate the issue at my end:
     

     
    The first two tests were over IPv6 (using the HE Tunnel Broker) and the second two tests were with IPv6 connectivity disabled.
     
    I'm not sure if the TestMy tests fully implement IPv6 support, however, the website itself has IPv6 connectivity.  The second ping below is when I re-enabled IPv6 on my network adapter:
     

     
    I'm not sure if the Hughes Network provides IPv6 connectivity, but if they now do, this may explain the provider identification issue.
  14. Thanks
    Sean reacted to CA3LE in Why is TestMy.net not showing up in Google?   
     
    Originally when I turned https on it was because you wanted to test on SSL and port 8080... I didn't necessarily want the search engines spidering what we hadn't even tested.  I think Google is going to weigh https sites heavier in the future so I'm moving the site over to https.  They already are but I expect it's going to be even more so.  I didn't realize the noindex was still in there... it's now controlled correctly with a separate robots.txt using mod_rewrite to switch the file.
     
    RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^robots\.txt$ robots_ssl.txt [L]  
    ...but I've already disabled that in preparation.
     
    I'll make sure to include a toggle in the new settings with the option to switch between http and https.  But the site itself will completely run on SSL, regardless of the option selected.  And visiting https://testmy.net will no longer trigger that option.  It's really already done, I just want to make sure before I flip it over that I'm not missing anything that will affect pagerank negatively.
     
    I don't think the noindex on the https version was causing the issue though.  TestMy.net is showing up on Google again, before I removed that line.  Could have been one or a combination of the issues we previously talked about.  I'll keep working to find my mistakes. :-/ -- one constant is human error.
  15. Thanks
    Sean got a reaction from CA3LE in Why is TestMy.net not showing up in Google?   
    One possibility is that Google sees too many versions of the index, e.g. uk.testmy.net, dallas.testmy.net, etc.  and only lists a few variants.  I remember this being a pain in the past in the Joomla 1.x days where it would show the same page under various URLs and Google usually ended indexing obscure URL variations of some pages.
     
    Both Bing and DuckDuckGo have the main test.my homepage URL indexed, so it doesn't seem to be something preventing crawlers from indexing it. 
     
    One thing I suggest is adding a Canonical meta header tag to the home page to specify "https://testmy.net" as the preferred URL, as explained here.
  16. Thanks
    Sean got a reaction from CA3LE in Make speed test results available as data downloads   
    On the Results page, there's an 'Export' button just below the graph.  This will export your results history as a CSV file:
     

     
    The resulting CSV can open up as a spreadsheet such as with Excel:
     

  17. Like
    Sean got a reaction from mudmanc4 in cleaning a pc with air compressor   
    As ridiculous as it sounds, most computer components such as the motherboard, PSU and certain expansion cards can survive a full dishwasher cycle.  Obviously that's not how I recommend cleaning a PC.
     
    The following 8-year old video is an example.  The internals were covered in cigarette smoke residue, so he decided to dismantle the components and put them through the dish washer, with the exception of the case, battery and the hard disk. 
     
     
    I also enjoy watching videos on old hardware such as restoration videos.  I have come ones where such hobbyists put components through a dishwasher cycle to clean extensive debris build-up from being left for 10+ years in storage such as a dusty shed.
     
    As long as no moisture remains when the PC is powered up, it should be fine.  I generally clean my PC with an air duster, which is basically an aerosol can filled with propellant gas.  Here in Ireland, humidity is usually on the high side, e.g. I run a dehumidifier to keep the indoor level below 60%.
     
    The only component I may wash is the keyboard.  I have a Corsair Cherry Red Mechanical keyboard that I accidentally knocked a glass of cider on.  I immediately unplugged it, tried wiping off what I could and let it dry.  Once dry, many of the letters were sticking.  When I started removing the keys to try cleaning below, I realised the mechanical switches were jamming.
     
    With what appeared to be a ruined keyboard that I only purchased a few months before the incident, I figured I'll try giving it a bath as we don't have a dishwasher.  I partially filled a wide container with water from our dehumidifier (since it's effectively distilled), soaked the keyboard and pushed each key multiples times to force water through the switches.  I left it to dry for about a week.  It's fully functional again, all keys work and no sticking or other issue since. 
  18. Like
    Sean reacted to mudmanc4 in You know you have a borked up connection when .....   
    Found this chart someone posted today
     

  19. Like
    Sean reacted to Pgoodwin1 in New Router helped my speeds   
    I'm on a Spectrum 100 Mbps down load, 10 Mbps upload plan. I replaced my 100 Mbps wired router with a used $57 5th gen Apple AirPort Extreme Base Station (gigabit Ethernet)
     
    my speeds improved from 80 Mbps average upload to about 116 Mbps. The first pic shows the before and after plot. The second pic is the latest average.
     
    the 3rd pic is one test plot with the old router. 4th pic is one test with plot the new router. 
     
    TestMy helped me identify the potential limitation of the 100 Mbps wired router (it was trying very hard), and testing here documents the improvement. Great site.




  20. Like
    Sean reacted to nanobot in RC4, error growing   
    So I started nmap up, ran some scans (I'm sure @CA3LE won't mind me running some penetration tests against his server) on the SSL ports, and I couldn't find RC4 on the list of ciphers, at all, but then I did on an SMTPS (465) port, but you shouldn't be affected by that.
     
    So I got curious, and researched further, and you said it happens about every 10th website, so I have a few follow up questions:
     
    1. Are you using Wireless?
       a. If so, are you using WEP? Apparently RC4 was used in the WEP security standard (which has been an insecurity standard for years now).
    2. Are you certain there is no MITM attack against you?
     
    For those interested, here's the result of my nmap scan:
     
    Elliotts-iMac:~ elliottbrown$ nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.testmy.net Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-20 18:29 EDT Nmap scan report for www.testmy.net (64.111.22.10) Host is up (0.088s latency). rDNS record for 64.111.22.10: testmy.net PORT STATE SERVICE 443/tcp open https | ssl-cert: Subject: commonName=testmy.net | Subject Alternative Name: DNS:testmy.net | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2017-07-06T06:00:00 | Not valid after: 2017-10-04T06:00:00 | MD5: 415f 2e2b ee78 0642 6813 4e47 743b 9831 |_SHA-1: ecac a111 d818 d982 1039 acea 2fe4 9b6c c975 ca43 | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A 465/tcp open smtps | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2016-05-03T21:11:36 | Not valid after: 2017-05-03T21:11:36 | MD5: a6bd 9cdc 510e 115e 98b5 bca2 ff64 1af8 |_SHA-1: 47a4 68dd ce19 fa99 e4d2 b60e 94a5 0599 217d c1f9 | ssl-enum-ciphers: | SSLv3: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_DH_anon_WITH_AES_128_CBC_SHA - F | TLS_DH_anon_WITH_AES_256_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA - F | TLS_DH_anon_WITH_RC4_128_MD5 - F | TLS_DH_anon_WITH_SEED_CBC_SHA - F | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_128_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_256_CBC_SHA - F | TLS_ECDH_anon_WITH_RC4_128_SHA - F | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher IDEA vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | CBC-mode cipher in SSLv3 (CVE-2014-3566) | Ciphersuite uses MD5 for message integrity | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_DH_anon_WITH_AES_128_CBC_SHA - F | TLS_DH_anon_WITH_AES_256_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA - F | TLS_DH_anon_WITH_RC4_128_MD5 - F | TLS_DH_anon_WITH_SEED_CBC_SHA - F | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_128_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_256_CBC_SHA - F | TLS_ECDH_anon_WITH_RC4_128_SHA - F | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher IDEA vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | Ciphersuite uses MD5 for message integrity | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_DH_anon_WITH_AES_128_CBC_SHA - F | TLS_DH_anon_WITH_AES_256_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA - F | TLS_DH_anon_WITH_RC4_128_MD5 - F | TLS_DH_anon_WITH_SEED_CBC_SHA - F | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_128_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_256_CBC_SHA - F | TLS_ECDH_anon_WITH_RC4_128_SHA - F | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher IDEA vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | Ciphersuite uses MD5 for message integrity | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 1024) - A | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_DH_anon_WITH_AES_128_CBC_SHA - F | TLS_DH_anon_WITH_AES_128_CBC_SHA256 - F | TLS_DH_anon_WITH_AES_128_GCM_SHA256 - F | TLS_DH_anon_WITH_AES_256_CBC_SHA - F | TLS_DH_anon_WITH_AES_256_CBC_SHA256 - F | TLS_DH_anon_WITH_AES_256_GCM_SHA384 - F | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA - F | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA - F | TLS_DH_anon_WITH_RC4_128_MD5 - F | TLS_DH_anon_WITH_SEED_CBC_SHA - F | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_128_CBC_SHA - F | TLS_ECDH_anon_WITH_AES_256_CBC_SHA - F | TLS_ECDH_anon_WITH_RC4_128_SHA - F | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_IDEA_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | 64-bit block cipher IDEA vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | Ciphersuite uses MD5 for message integrity | Key exchange (dh 1024) of lower strength than certificate key |_ least strength: F 993/tcp open imaps | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2016-05-03T21:11:36 | Not valid after: 2017-05-03T21:11:36 | MD5: a6bd 9cdc 510e 115e 98b5 bca2 ff64 1af8 |_SHA-1: 47a4 68dd ce19 fa99 e4d2 b60e 94a5 0599 217d c1f9 | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key |_ least strength: D 995/tcp open pop3s | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US | Public Key type: rsa | Public Key bits: 2048 | Signature Algorithm: sha256WithRSAEncryption | Not valid before: 2016-05-03T21:11:36 | Not valid after: 2017-05-03T21:11:36 | MD5: a6bd 9cdc 510e 115e 98b5 bca2 ff64 1af8 |_SHA-1: 47a4 68dd ce19 fa99 e4d2 b60e 94a5 0599 217d c1f9 | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.2: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Key exchange (dh 1024) of lower strength than certificate key |_ least strength: D Nmap done: 1 IP address (1 host up) scanned in 27.86 seconds Elliotts-iMac:~ elliottbrown$  
    The letter after the cipher is a letter from A-F, indicating grade of the cipher (A being best, F being worst), you'll notice there are a few RC4 ciphers under the 465, 993 and 995 ports (graded F appropriately), but all of the TLS ciphers are grade A.
     
    The lowest cipher strength (according to nmap) on https://www.testmy.net/ is a grade A, so Chrome should definitely not be flagging this site. (In fact, based on this information, testmy.net would refuse an RC4 cipher connection, period.)
     
    You definitely have a different issue going on, and I'm curious as to what that is.
     
    Thanks,
    EBrown
  21. Like
    Sean reacted to nanobot in Testmy.net member EBrown is interviewed by the BBC   
    Hah, forgot to post this here. Yeah, they asked me about it on Twitter a week or so ago.
     
    It's an interesting topic, we're discussing things that should never have to be worried about, no one should fear that their ISP can censor what they can see based on the ISP's own political motives. (Hell, just look at the Comcast v. Netflix issue from a couple years ago: Netflix traffic was throttled to unbelievable slow speeds as a result of Comcast wanting to extort them for money.)
     
    Personally, I am anti-government regulation, but in this case it's a necessity.
     
    One of the arguments I have recently heard in favor of revocation of the net–neutrality law was:
     
     
    This is a false premise, if the ISP's customers want traffic from that source, the ISP should not be throttling it in either direction. If your customers want to watch Netflix all day, you don't get to make additional profit off of that. The customer already pays for a broadband connection, it is the ISP's job to deliver that broadband service in an unbiased manner.
     
    Thanks,
    EBrown
  22. Like
    Sean reacted to mudmanc4 in Testmy.net member EBrown is interviewed by the BBC   
    Our very own @nanobot or EBrown has been interviewed by the BBC on Net Neutrality, here is what he had to say.
     
     
    Very nicely worded Elliot
     
    The full story can be found here
     
    To get more information as to the issues regarding net neutrality, visit or even join the EFF (Electronic Frontier Foundation)
  23. Like
    Sean got a reaction from mudmanc4 in RC4, error growing   
    One possibility could be an issue with the Internet Security / antivirus software. 
     
    Some Internet Security products intercept HTTPS connections to scan traffic in much the same way they scan regular HTTP traffic.  In order to intercept HTTPS, they need to act as a 'man in the middle'.  As certificates are designed to prevent man in the middle attacks, the security package installs its own root certificate in each browser. 
     
    When the security software decrypts traffic to scan it, it re-encrypts the traffic using its own certificate, which the browser will trust due to the security software discreetly installing the root certificate earlier. 
     
    What I suspect is that Chrome (and in turn Slimjet) may have an older certificate that uses a less secure cypher.  In this case when the security software intercepts and re-encrypts HTTPS traffic, Chrome will try to authenticate that certificate against the obsolete root certificate and present the error. 
     
    What I suggest trying is temporarily disable the web filtering (or the antivirus software altogether) and try accessing an affected site in Chrome.  If it now loads fine (i.e. Chrome sees the proper certificate instead of the security software's one), then I recommend uninstalling and reinstalling the antivirus package. 
  24. Like
    Sean got a reaction from CA3LE in Multithreaded test seems to be using some dead hosts   
    No problem - Multithreaded test with UK server now working fine here...
     

     
    This now brings up the expected ~3.9Mbps for my DSL connection.
     

  25. Like
    Sean got a reaction from CA3LE in Multithreaded test seems to be using some dead hosts   
    I just want to check if anyone had a chance to look at this issue over the past month.
     
    From a quick check, the UK server with the multithread test is still picking unresolvable hosts in each test:
     

     
    The Frankfurt (Germany) one seems to be fine, i.e. not one 502 error after running multiple tests:
     

×
Speed Test Version 15.9
© 2018 TestMy Net LLC - TestMy.net - Terms & Privacy
© 2018 TestMy Net LLC - TestMy.net - Forum - Terms & Privacy