https – Trying to force Apache to use only TLSv1.3 on a vhost, but it refuses to disable TLSv1.2

I have a test vhost on my web server for which I’m trying to enforce TLSv1.3-only but Apache refuses to disable TLSv1.2. TLSv1.3 does work however the following validation services all show that TLSv1.2 is still running on my vhost:

https://www.digicert.com/help/

https://www.ssllabs.com/ssltest/

https://www.immuniweb.com/ssl/

I’ve tried a few different ways including all of the following:

SSLProtocol -all +TLSv1.3
SSLProtocol +all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
SSLProtocol -all -TLSv1.2 +TLSv1.3
SSLProtocol +TLSv1.3

System info:

Ubuntu 20.04.2 LTS
OpenSSL 1.1.1f
Apache 2.4.41

Global SSL configuration:

SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLCipherSuite HIGH:!aNULL
#SSLProtocol all -SSLv3
SSLUseStapling On
SSLStaplingCache "shmcb:${APACHE_RUN_DIR}/ssl_stapling(128000000)"
SSLStaplingResponderTimeout 2
SSLStaplingReturnResponderErrors off
SSLStaplingFakeTryLater off
SSLStaplingStandardCacheTimeout 86400

vhost configuration:

<VirtualHost XX.XX.XX.XX:443>
    ServerName testing.example.com
    DocumentRoot "/var/www/test"
    ErrorLog ${APACHE_LOG_DIR}/test-error.log
    CustomLog ${APACHE_LOG_DIR}/test-access.log combined
#   Include /etc/letsencrypt/options-ssl-apache.conf
    SSLEngine on
    SSLCompression off
    SSLCertificateFile /etc/letsencrypt/live/testing.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/testing.example.com/privkey.pem
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
#   SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"
#   SSLHonorCipherOrder off
    SSLProtocol -all +TLSv1.3
    SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams_4096.pem"
</VirtualHost>

info from “apachectl -S”:

root@domain:~# apachectl -S
VirtualHost configuration:
XX.XX.XX.XX:80      is a NameVirtualHost
...
(irrelevant)
...
XX.XX.XX.XX:443     is a NameVirtualHost
         default server blah.example.com (/etc/apache2/sites-enabled/sites.conf:13)
         port 443 namevhost blah.example.com (/etc/apache2/sites-enabled/sites.conf:13)
         **port 443 namevhost test.example.com (/etc/apache2/sites-enabled/sites.conf:29)**
         port 443 namevhost blah.example.com (/etc/apache2/sites-enabled/sites.conf:54)
         port 443 namevhost blah.example.com (/etc/apache2/sites-enabled/sites.conf:93)
         port 443 namevhost blah.example.org (/etc/apache2/sites-enabled/sites.conf:111)
         port 443 namevhost blah.example.tk (/etc/apache2/sites-enabled/sites.conf:132)
         port 443 namevhost blah.example.com (/etc/apache2/sites-enabled/sites.conf:145)
(XX:XX:XX:XX:XX:XX:XX:XX):80 is a NameVirtualHost
...
(irrelevant)
...
(XX:XX:XX:XX:XX:XX:XX:XX):443 is a NameVirtualHost
...
(irrelevant; note the subdomain in question only has IPV4 DNS entry no IPV6)
...
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex fcgid-proctbl: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODPERL2
Define: ENABLE_USR_LIB_CGI_BIN
User: name="www-data" id=33
Group: name="www-data" id=33
root@domain:~#

I have it commented out of the vhost in question but other vhosts are using a letsencrypt/options-ssl-apache.conf which I’ll include here in case it could be interfering somehow:

SSLEngine on
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     on
SSLSessionTickets       off
SSLOptions +StrictRequire

Force downloads to be served from a separate page!

How to force downloads to be served from a separate page! Like this site:

Internet Download Manager 6.38.15

I need the full code and where to place it correctly.

Thanks in advance.

functions – Force EllipticTheta to "use" $ (e ^ { pi i tau}) ^ { lambda} = e ^ { pi i tau lambda} $

To define $ theta_2 (q) = 2 sum_ {n ge 0} q ^ {(n + 1/2) ^ 2} $ and $ theta_3 (q) = 1 + 2 sum_ {n ge 1} q ^ {n ^ 2} $, $ q = e ^ { pi i tau} $, $ q ^ { lambda} = e ^ { pi i tau lambda} $, $ q in mathbb {C} $, $ | q | lt $ 1, $ tau in mathbb {C} $, $ operator_name {Im} tau gt 0 $, $ lambda in mathbb {R} $.

Then
$$ theta_2 ^ 2 (q ^ 2) = theta_3 ^ 2 (q) – theta_3 ^ 2 (q ^ 2) $$
for everyone $ q in mathbb {C} $, $ 0 lt | q | lt $ 1.

However, Mathematica Elliptical Theta (2.0, q) and Elliptical Theta (3.0, q) do not meet the above identity for all complexes $ q $ when $ 0 lt | q | lt $ 1. This is because Mathematica does not "use" $ (e ^ { pi i tau}) ^ { lambda} = e ^ { pi i tau lambda} $ in this context (its use is usual in the literature). Instead, it evaluates $ e ^ { pi i tau} $ and then this is raised to the $ lambda $. In other words, it should be true that
$$ theta_2 ^ 2 (e ^ {2 pi i tau}) = theta_3 ^ 2 (e ^ { pi i tau}) – theta_3 ^ 2 (e ^ {2 pi i tau} ) $$
for everyone $ tau in mathbb {C} $ and $ operator_name {Im} tau gt 0 $ but it does not conform to that of Mathematica EllipticalTheta functions: Mathematica interpreter $ theta_2 (e ^ { pi i tau}) $ as $ theta_2 (e ^ { pi i tau}) = 2 sum_ {n ge 0} (e ^ { pi i tau}) ^ {(n + 1/2) ^ 2} $ instead of $ theta_2 (e ^ { pi i tau}) = 2 sum_ {n ge 0} e ^ { pi i tau (n + 1/2) ^ 2} $, which does not always give the same result.

Can Elliptical Theta (2.0, q) in Mathematica to be "redefined" in such a way that this identity (and many others) is true? Instead of $ q mapsto theta_2 (q) $, I want to define $ tau mapsto theta_2 (e ^ { pi i tau}) $. But using f (t _): = EllipticTheta (2,0, E ^ (Pi I t)) causes some DLMF identities to fail due to the above issue.

internal storage – SD is force allowed, but play store still tries to install on phone, not on SD

I have a Nokia 5.1 with Andoroid 10 (start screen says “Android one”) and I would like to have the default storage place of my apps to be the sd card. I followed successfully the instructions of using the developer mode to force allow to move apps to the SD, as shown here. But I would also like to have any new app automatically installed on the SD, not on the phone. I can’t find a way to achieve this. When I try to install a new app from the google play store, even a very small and simple one, I get a message that first I have to delete some apps stored on the phone. This is even more surprising considering that I have 4.5GB free out of 16GB in the internal storage.

Any idea how to make the SD, not the phone my default storage place? Additionally, any ideas why I get the message that I need to delete apps when trying to install new ones? Tnx

seo – Is there way to force Google to think that sub domain as totally separated are from main domain?

Google consider a sub domain as a completely different website for his domain. So if your domain rank well in “cars (for example) a sub domain can rank well in “pets care”.

But Google still know if 2 or more website are related even if them are on different domains and different servers, easier if it is a sub domain.

So as from the comment of Stephen Ostermiller if you do something wrong will be partially reflect on the main domain, as well as if you do something good.

If you want to keep a clear image and easy navigation system on your main site without mess up with link between subdomains and tools and blogs or whatever, I can suggest you to have only 2 domains (so not so expensive): 1 is the main one, for your web design agency, the other one you can use for tools and experiment and anything you like. This not for Google but also for your pace of mind that keep separate the “experiment” (for example maybe in the future you will shut down a tool).
example:

main site: yourmaindomain.com

other services:
yourseconddomain.com/imagehostingservice

yourseconddomain.com/seotools

yourseconddomain.com/calculator

And keep them in 2 different cPanel, not for SEO reason but to keep easy the navigation of the main website without using subdomain that maybe point to folder also reachable from other URL (example: you have a subdomain -sub.example.com- that point to public_html/subdomainfolder. That folder you can reach by sub.example.com but also from example.com/subdomainfolder and this can generate confusion when search engine try to map your site.

Then you can link to each other some pages if need.

https – Make Google Domains force use SSL

https – Make Google Domains force use SSL – Webmasters Stack Exchange

dnd 5e – Can spells be cast through a Wall of Force?

A wall of force blocks magic by granting total cover.

Although this is an old question, I discovered a relevant ruling while researching another question, and would like to add it here for completeness.

D&D 5e designer Jeremy Crawford, in an unofficial ruling, confirms in a tweet that wall of force provides total cover:

Q: could a wizard make a sphere around a creature using wall of force and then chill touch to damage them through the wall?

Crawford: Unless a spell says otherwise, you can’t target someone behind total cover (PH, 204)

Also here, in specific reference to wall of force:

Q: Wall of Force is invisible…so it doesn’t provide cover does it?

Crawford: Cover is a physical obstruction, not necessarily a visual one.

The reason wall of force blocks spells is that it, as an obstacle, it provides total cover to anyone fully behind it as per PHB p.196:

A target has total cover if it is completely concealed by an obstacle.

Crawford’s unofficial ruling confirms that “concealed” here is a synonym for “covered”, not “invisible” as it meant in earlier editions of the game. And, as per PHB p.204, this prevents a caster from targeting you:

To target something, you must have a clear path to it, so it can’t be behind total cover.

root access – Is there any way to force apps to use internal memory only? In Rooted Android device

I have oneplus 5t 8gb ram + 128 gb internal storage
100gb free space is available in phone.

I Rooted the device.
Now I am facing the problem regarding installing apps from Google play Store.

When I try to Install any random app.

Its showing

” App Requires External Storage”
“It cannot be downloaded.Insert an <a href=”https://support.google.com/android-one/answer/6088895?hl=en’>SD card or USB storage with sufficient storage, and try again.

And Also No Apps is Using the Internal Storage for storing the data like Camera , Whatsapp etc

I even not able to download and see the whatsapp images or any document shared and not able to download anything from chrome too.

If anyone can help me I will appreciate it and very thankful to him/her.

dnd 5e – Why can’t Wall of Force be dispelled?

According to the fifth edition spell text, Wall of Force

(…) can’t be dispelled by dispel magic.

Is there an in-world reason why this is the case (for any D&D setting)? Why can Wall of Force and Forcecage, uniquely among all spells, not be broken by Dispel Magic?

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123