Aguila Posted January 1, 2014 Posted January 1, 2014 Please support HTTPS. The URL works https://forum.tuts4you.com/index.php but as soon as I click on a thread, the connection is HTTP again. Self-signed certificate is ok, but please support also ssl with perfect forward secrecy. 1
Teddy Rogers Posted January 2, 2014 Posted January 2, 2014 This was something I had considered doing some years ago but with SSL "broken" and certificate authorities not wholly "honest" I decided it wasn't worth the hassle or expense for what little gain. I contemplated using a self-signed certificate and had one running in the background for a little while but decided against having it running live as most people get confused and put off viewing sites when they see a big scary warning about a broken/unknown security certificate in their browser. Only recently the latest RHEL now comes with an updated version of OpenSSL which has support for TLS1.2 so if I get some time I may revisit adding a security certificate with PFS. However it's currently at the low end of priorities for now. I will keep you posted on any developments though... Ted.
Teddy Rogers Posted February 4, 2014 Posted February 4, 2014 I have installed a new security certificate which is now active for secure connections during signing in and during creation of a new user account. The certificate supports TLS1.2. Please let me know if there are any problems... Ted.
kao Posted February 4, 2014 Posted February 4, 2014 The URL works https://forum.tuts4you.com/index.php but as soon as I click on a thread, the connection is HTTP again.This issue still persists.
Teddy Rogers Posted February 4, 2014 Posted February 4, 2014 Yes, that is normal for the way the board is currently configured, for it to default back to none secure pages after you click on a link. IPB by default only allows for SSL to be used during signing in and during registering of a new account but not full encryption throughout the board. There is a workaround method to enable full encryption across the board but I have yet to find out why - when enabled - not all page content is encrypted... Ted.
kao Posted February 4, 2014 Posted February 4, 2014 Something changed, now clicking on links keeps "https" - thanks a lot! Signatures (like your own) & other images linked to 3rd party servers will cause "page includes resources which are not secure" warning in browsers - but there's not much you can do about that. Apart from that, it looks like it's working perfectly.
Teddy Rogers Posted February 4, 2014 Posted February 4, 2014 I fixed the issues with securing the default board configuration from fully encrypting the page so I enabled it completely across the board. Unfortunately, and as you have mentioned, there is nothing I can do about links to external images in signatures and such like... Ted.
Aguila Posted February 4, 2014 Author Posted February 4, 2014 Thank you very much Teddy. Now I am feeling much better.
Teddy Rogers Posted May 27, 2014 Posted May 27, 2014 Perfect Forward Secrecy is now active on this server - if your browser supports it... https://www.ssllabs.com/ssltest/analyze.html?d=tuts4you.com Ted.
nonspin Posted June 1, 2014 Posted June 1, 2014 Those who have bookmarked "www.tuts4you.com" get a "untrusted connection" since the certificate is valid forhttps://tuts4you.com adding these to .htaccess would fix it RewriteEngine OnRewriteCond %{HTTP_HOST} ^www.tuts4you.com$ [NC]RewriteRule ^(.*)$ http://tuts4you.com/$1 [R=301,L]
Teddy Rogers Posted June 2, 2014 Posted June 2, 2014 The server already redirects to the none www links and has done for nearly as long as the site has been running. No one should be using www links, even search engines... Ted.
nonspin Posted June 2, 2014 Posted June 2, 2014 www.tuts4you.com uses an invalid security certificate. The certificate is only valid for the following names: forum.tuts4you.com , tuts4you.com (Error code: ssl_error_bad_cert_domain)
Teddy Rogers Posted June 2, 2014 Posted June 2, 2014 That is correct, there should be a warning if you are accessing the site through a www link... Ted.
LCF-AT Posted June 4, 2014 Posted June 4, 2014 Hi Ted, short info: If I login now then it comes again any new style window and after login I press on my messenger icon to let open the tab but there it hangs again endless.Now I need to refresh the page or open it in a new tab and then the messenger icon works again normaly.So maybe you remember that we talked already about the problem before a while so now its the same problem again.Just only a info for you so I don't know what you have changed or updated now etc. greetz
LCF-AT Posted June 7, 2014 Posted June 7, 2014 Hi Ted, ok I have checked my PMs with you and I told you about the same problem at 6. February this year and you answered me "...added a security ticket to the site so that all connections are encrypted" ...and then you said after... "I have changed some settings, and let me know if you experience the same symptoms..." and then the problems was away again but then you changed again any web settings and the problem was comming back and then you fixed it again. Anyway so just check our PM topic called "Improving Script Topics.." Maybe its again any http / https issue so I try to test it so normaly my link does just use http to this forum.If enter this... https://forum.tuts4you.com/ = same in browser to see after if I enter this... http://forum.tuts4you.com/ = forum.tuts4you.com/ to see only greetz
Dreamer Posted June 11, 2014 Posted June 11, 2014 (edited) tedd when i try to go to download location for any tut you make i get some ssl error example https://forum.tuts4you.com/topic/12209-codeveil-12/ Edited June 11, 2014 by Dreamer
kao Posted June 11, 2014 Posted June 11, 2014 That is correct, there should be a warning if you are accessing the site through a www link... Ted. So, some old links are supposed to have that warning. 1
Teddy Rogers Posted January 27, 2015 Posted January 27, 2015 A new security certificate has been issued and I have removed RC4 from the list of supported cyphers... Ted. 1
Teddy Rogers Posted November 26, 2016 Posted November 26, 2016 The security certificate for the site has now been updated. I have also changed the certificate authority, it is no longer issued from StartSSL and is now being issued from cPanel (the OCSP is Comodo). All StartSSL certificates issued after 21st October are no longer going to be trusted starting from Firefox 51 and Chrome 56. All StartSSL certificates issued after this date should not be trusted... Ted. 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now