Posted January 1, 201411 yr Please support HTTPS. The URL works https://forum.tuts4you.com/index.php but as soon as I click on a thread, the connection is HTTP again. Self-signed certificate is ok, but please support also ssl with perfect forward secrecy.
January 2, 201411 yr This was something I had considered doing some years ago but with SSL "broken" and certificate authorities not wholly "honest" I decided it wasn't worth the hassle or expense for what little gain. I contemplated using a self-signed certificate and had one running in the background for a little while but decided against having it running live as most people get confused and put off viewing sites when they see a big scary warning about a broken/unknown security certificate in their browser. Only recently the latest RHEL now comes with an updated version of OpenSSL which has support for TLS1.2 so if I get some time I may revisit adding a security certificate with PFS. However it's currently at the low end of priorities for now. I will keep you posted on any developments though... Ted.
February 4, 201411 yr I have installed a new security certificate which is now active for secure connections during signing in and during creation of a new user account. The certificate supports TLS1.2. Please let me know if there are any problems... Ted.
February 4, 201411 yr The URL works https://forum.tuts4you.com/index.php but as soon as I click on a thread, the connection is HTTP again.This issue still persists.
February 4, 201411 yr Yes, that is normal for the way the board is currently configured, for it to default back to none secure pages after you click on a link. IPB by default only allows for SSL to be used during signing in and during registering of a new account but not full encryption throughout the board. There is a workaround method to enable full encryption across the board but I have yet to find out why - when enabled - not all page content is encrypted... Ted.
February 4, 201411 yr Something changed, now clicking on links keeps "https" - thanks a lot! Signatures (like your own) & other images linked to 3rd party servers will cause "page includes resources which are not secure" warning in browsers - but there's not much you can do about that. Apart from that, it looks like it's working perfectly.
February 4, 201411 yr I fixed the issues with securing the default board configuration from fully encrypting the page so I enabled it completely across the board. Unfortunately, and as you have mentioned, there is nothing I can do about links to external images in signatures and such like... Ted.
May 27, 201411 yr Perfect Forward Secrecy is now active on this server - if your browser supports it... https://www.ssllabs.com/ssltest/analyze.html?d=tuts4you.com Ted.
June 1, 201411 yr Those who have bookmarked "www.tuts4you.com" get a "untrusted connection" since the certificate is valid forhttps://tuts4you.com adding these to .htaccess would fix it RewriteEngine OnRewriteCond %{HTTP_HOST} ^www.tuts4you.com$ [NC]RewriteRule ^(.*)$ http://tuts4you.com/$1 [R=301,L]
June 2, 201411 yr The server already redirects to the none www links and has done for nearly as long as the site has been running. No one should be using www links, even search engines... Ted.
June 2, 201411 yr www.tuts4you.com uses an invalid security certificate. The certificate is only valid for the following names: forum.tuts4you.com , tuts4you.com (Error code: ssl_error_bad_cert_domain)
June 2, 201411 yr That is correct, there should be a warning if you are accessing the site through a www link... Ted.
June 4, 201411 yr Hi Ted, short info: If I login now then it comes again any new style window and after login I press on my messenger icon to let open the tab but there it hangs again endless.Now I need to refresh the page or open it in a new tab and then the messenger icon works again normaly.So maybe you remember that we talked already about the problem before a while so now its the same problem again.Just only a info for you so I don't know what you have changed or updated now etc. greetz
June 7, 201411 yr Hi Ted, ok I have checked my PMs with you and I told you about the same problem at 6. February this year and you answered me "...added a security ticket to the site so that all connections are encrypted" ...and then you said after... "I have changed some settings, and let me know if you experience the same symptoms..." and then the problems was away again but then you changed again any web settings and the problem was comming back and then you fixed it again. Anyway so just check our PM topic called "Improving Script Topics.." Maybe its again any http / https issue so I try to test it so normaly my link does just use http to this forum.If enter this... https://forum.tuts4you.com/ = same in browser to see after if I enter this... http://forum.tuts4you.com/ = forum.tuts4you.com/ to see only greetz
June 11, 201411 yr tedd when i try to go to download location for any tut you make i get some ssl error example https://forum.tuts4you.com/topic/12209-codeveil-12/ Edited June 11, 201411 yr by Dreamer
June 11, 201411 yr That is correct, there should be a warning if you are accessing the site through a www link... Ted. So, some old links are supposed to have that warning.
January 27, 201510 yr A new security certificate has been issued and I have removed RC4 from the list of supported cyphers... Ted.
November 26, 20168 yr The security certificate for the site has now been updated. I have also changed the certificate authority, it is no longer issued from StartSSL and is now being issued from cPanel (the OCSP is Comodo). All StartSSL certificates issued after 21st October are no longer going to be trusted starting from Firefox 51 and Chrome 56. All StartSSL certificates issued after this date should not be trusted... Ted.
Create an account or sign in to comment