[12:13:46] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327 (10Ladsgroup) 03NEW [12:14:40] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811299 (10Ladsgroup) [12:22:43] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811302 (10Ladsgroup) We can also consider preferring ChaCha20 everywhere as well like Meta websites. [13:21:21] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811320 (10Vgutierrez) >>! In T365327#9811302, @Ladsgroup wrote: > We can also consider preferring ChaCha20 everywhere as well like Meta websites. We already do that in the CDN by lever... [13:24:40] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811322 (10Ladsgroup) I should have been clearer, Meta prefers it everywhere including desktop. It's the top of ciphersuite by default including where it's not the top of client's cipher... [13:26:59] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811323 (10Ladsgroup) Just to make it clearer, ChaCha20 is still that's not my preference. I prefer simply reducing the key size for AES and SHA instead. [13:31:13] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811326 (10Vgutierrez) Chacha20 is faster than AES when both are running without hardware acceleration. If AES-NI is present, AES is faster. This is also considered by clients to choose... [13:35:50] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811327 (10Ladsgroup) Stupid note: In my phone, it still prefers AES256. Maybe my client for whatever reason doesn't support ChaCha20 or it thinks it's strong enough to just go with AES... [13:38:17] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811328 (10Ladsgroup) >>! In T365327#9811326, @Vgutierrez wrote: > Chacha20 is faster than AES when both are running without hardware acceleration. If AES-NI is present, AES is faster.... [13:42:56] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811332 (10Vgutierrez) >>! In T365327#9811327, @Ladsgroup wrote: > Stupid note: In my phone, it still prefers AES256. Maybe my client for whatever reason doesn't support ChaCha20 or it t... [13:44:56] 06Traffic: Consider using TLS_AES_128_GCM_SHA256 instead of TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811333 (10Ladsgroup) Okay cool. Thanks for checking. [13:49:05] 06Traffic: Consider preferring TLS_AES_128_GCM_SHA256 over TLS_AES_256_GCM_SHA384 - https://phabricator.wikimedia.org/T365327#9811334 (10Ladsgroup) [18:29:28] FIRING: NodeTextfileStale: Stale textfile for cp4049:9100 - https://wikitech.wikimedia.org/wiki/Prometheus#Stale_file_for_node-exporter_textfile - https://grafana.wikimedia.org/d/knkl4dCWz/node-exporter-textfile - https://alerts.wikimedia.org/?q=alertname%3DNodeTextfileStale [18:41:12] uh? [18:46:37] -rw-r--r-- 1 root root 961 May 19 18:45 /var/lib/prometheus/node.d/lvs-realserver-mss.prom doesn't look stale to me [18:54:30] oh.. it's not that file but realserver-mss.prom [18:54:40] it looks like a leftover from b.black debugging session on May 15th [18:56:00] !log vgutierrez@cp4049:~$ sudo rm /var/lib/prometheus/node.d/realserver-mss.prom [18:56:02] Logged the message at https://wikitech.wikimedia.org/wiki/Server_Admin_Log [18:59:28] RESOLVED: NodeTextfileStale: Stale textfile for cp4049:9100 - https://wikitech.wikimedia.org/wiki/Prometheus#Stale_file_for_node-exporter_textfile - https://grafana.wikimedia.org/d/knkl4dCWz/node-exporter-textfile - https://alerts.wikimedia.org/?q=alertname%3DNodeTextfileStale