Jump to content
Tuts 4 You
Sign in to follow this  
Aguila

SSL Support

Recommended Posts

Aguila

Please support HTTPS. The URL works https://forum.tuts4you.com/index.php but as soon as I click on a thread, the connection is HTTP again.


 


Self-signed certificate is ok, but please support also ssl with perfect forward secrecy.


  • Like 1

Share this post


Link to post
Teddy Rogers

This was something I had considered doing some years ago but with SSL "broken" and certificate authorities not wholly "honest" I decided it wasn't worth the hassle or expense for what little gain. I contemplated using a self-signed certificate and had one running in the background for a little while but decided against having it running live as most people get confused and put off viewing sites when they see a big scary warning about a broken/unknown security certificate in their browser.


 


Only recently the latest RHEL now comes with an updated version of OpenSSL which has support for TLS1.2 so if I get some time I may revisit adding a security certificate with PFS. However it's currently at the low end of priorities for now. I will keep you posted on any developments though...


 


Ted.


Share this post


Link to post
Teddy Rogers

I have installed a new security certificate which is now active for secure connections during signing in and during creation of a new user account. The certificate supports TLS1.2.


 


Please let me know if there are any problems...


 


Ted.


Share this post


Link to post
Teddy Rogers

Yes, that is normal for the way the board is currently configured, for it to default back to none secure pages after you click on a link. IPB by default only allows for SSL to be used during signing in and during registering of a new account but not full encryption throughout the board. There is a workaround method to enable full encryption across the board but I have yet to find out why - when enabled - not all page content is encrypted...


 


Ted.


Share this post


Link to post
kao

Something changed, now clicking on links keeps "https" - thanks a lot! :)

Signatures (like your own) & other images linked to 3rd party servers will cause "page includes resources which are not secure" warning in browsers - but there's not much you can do about that. ;) Apart from that, it looks like it's working perfectly.

Share this post


Link to post
Teddy Rogers

I fixed the issues with securing the default board configuration from fully encrypting the page so I enabled it completely across the board. Unfortunately, and as you have mentioned, there is nothing I can do about links to external images in signatures and such like...


 


Ted.


Share this post


Link to post
Aguila

Thank you very much Teddy. Now I am feeling much better.


Share this post


Link to post
nonspin

Those who have bookmarked "www.tuts4you.com" get a "untrusted connection" since the certificate is valid for

https://tuts4you.com

 

adding these to .htaccess would fix it
 

RewriteEngine OnRewriteCond %{HTTP_HOST} ^www.tuts4you.com$ [NC]RewriteRule ^(.*)$ http://tuts4you.com/$1 [R=301,L]

Share this post


Link to post
Teddy Rogers

The server already redirects to the none www links and has done for nearly as long as the site has been running. No one should be using www links, even search engines...


 


Ted.


Share this post


Link to post
nonspin

www.tuts4you.com uses an invalid security certificate. The certificate is only valid for the following names: forum.tuts4you.com , tuts4you.com (Error code: ssl_error_bad_cert_domain)

Share this post


Link to post
Teddy Rogers

That is correct, there should be a warning if you are accessing the site through a www link... :dunno:


 


Ted.


Share this post


Link to post
Teddy Rogers

HSTS is now fully enabled on the server...


 


Ted.


Share this post


Link to post
LCF-AT

Hi Ted,


 


short info: If I login now then it comes again any new style window and after login I press on my messenger icon to let open the tab but there it hangs again endless.Now I need to refresh the page or open it in a new tab and then the messenger icon works again normaly.So maybe you remember that we talked already about the problem before a while so now its the same problem again.Just only a info for you so I don't know what you have changed or updated now etc.


 


greetz


Share this post


Link to post
Teddy Rogers

Can you recall what was done to fix it?


 


Ted.


Share this post


Link to post
LCF-AT

Hi Ted,


 


ok I have checked my PMs with you and I told you about the same problem at 6. February this year and you answered me "...added a security ticket to the site so that all connections are encrypted" ...and then you said after... "I have changed some settings, and let me know if you experience the same symptoms..." and then the problems was away again but then you changed again any web settings and the problem was comming back and then you fixed it again. :) Anyway so just check our PM topic called "Improving Script Topics.."


 


Maybe its again any http / https issue so I try to test it so normaly my link does just use http to this forum.If enter this...


 


https://forum.tuts4you.com/ = same in browser to see after


if I enter this...


http://forum.tuts4you.com/ = forum.tuts4you.com/ to see only


 


greetz


Share this post


Link to post
kao

That is correct, there should be a warning if you are accessing the site through a www link... :dunno:

 

Ted.

So, some old links are supposed to have that warning. :)

  • Like 1

Share this post


Link to post
Dreamer

thx Kao


Share this post


Link to post
Teddy Rogers

A new security certificate has been issued and I have removed RC4 from the list of supported cyphers...


 


Ted.


  • Like 1

Share this post


Link to post
HTC

hope that will not be problems anymore :)


Share this post


Link to post
Teddy Rogers

The security certificate for the site has now been updated. I have also changed the certificate authority, it is no longer issued from StartSSL and is now being issued from cPanel (the OCSP is Comodo).

All StartSSL certificates issued after 21st October are no longer going to be trusted starting from Firefox 51 and Chrome 56. All StartSSL certificates issued after this date should not be trusted...

Ted.

  • Like 2

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...