Internet Up URL & use of HTTPS

[mattheworiordan]

@paddybyers, for the Java & Ably-js libraries, please can you use the correct URL for the Internet Up CDN test which is https://internet-up.ably-realtime.com/is-the-internet-up.txt, see this change in ably/ably-ruby@007e3b4.

Also, in the ably-js library, if the library is loaded over HTTPS and it then needs to do an internet up check it currently fails because it tries to do the request over HTTP, see

ably-js/browser/lib/transport/jsonptransport.js

Line 27 in add26a0

request('http://internet-up.ably.io.s3-website-us-east-1.amazonaws.com/is-the-internet-up.js', null, null, null, false, function(err, response) {

and

ably-js/browser/lib/transport/xhrtransport.js

Line 12 in 5bb90e8

Http.request('http://internet-up.ably.io.s3-website-us-east-1.amazonaws.com/is-the-internet-up.txt', null, null, null, false, function(err, responseText) {

.

@kouno this is the issue we saw FYI.

[kouno]

Your commit doesn't fix http to https for some reason.

[mattheworiordan]

@kouno it's not necessary unless you are in a browser.

[paddybyers]

So you're saying use HTTPS unconditionally?

[kouno]

@mattheworiordan Not necessary but it's more secure. :)

[mattheworiordan]

And slower. The request causes a delay before subsequent reconnect attempts are made and SSL handshakes typically add up to second to the request. Security in this case is not really relevant as far as I can see..

Regards,
Matthew

Sent from my phone

On 23 Jan 2015, at 15:38, Vincent Bonmalais notifications@github.com wrote:

@mattheworiordan Not necessary but it's more secure. :)

—
Reply to this email directly or view it on GitHub.

[kouno]

SSL handshakes typically add up to second to the request.

What!? Where did you get that fact? SSL handshakes are more expensive yes, but a full second is a lot of time. Cloudflare speaks about 1/3 of a second which is already more likely.

That inherently means an additional third of a second gets added to your page load time for any visitor connecting to your site if you're using Verisign's SSL

And it's only on slow certificate authority (aka Verisign) and I thought that Cloudflare was speeding up these things as much as possible. (https://blog.cloudflare.com/how-cloudflare-is-making-ssl-fast/)

The request causes a delay before subsequent reconnect attempts are made

Hu, sorry. I have no idea what you are speaking about :(. Maybe you could clarify that when I ask you on Monday.

I do not think it's going to be critically slower TBH (as in, we absolutely need this to be super fast). Also this is only if we have a connection drop... And again, everywhere else we use SSL anyway, so I'm not sure why you would worry about this one in particular? And finally, it's hosted by Amazon on S3 so if that's slow, I don't know if I can believe in the internet anymore :).

But honestly, the change itself is inconsequential. So you can safely ignore my comment.

[mattheworiordan]

Damon you @kouno, OK, see ably/ably-ruby@12b8e8a. Happy?

[kouno]

Yes. Damon me. ahahah 😄