It is currently 20 Oct 2018, 08:31




 Page 1 of 1 [ 12 posts ] 
Author Message
 Post subject: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 09:39 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
Hello everyone!

Since Google was already penalizing website with no Secure HTTP and that Chrome will soon highlight all non-HTTPS sites as insecure...

https://www.valet.io/google-penalize-websites-not-ssl-2017/
https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/

All pages of LDDb.com will now be served over HTTPS.
I still have to find out which ones still have external contents served over HTTP (leading to mixed contents that are a BAD thing).
I already fixed the IMDB auto-ranking script yesterday, but there might be more (like MOST of the pictures provided externally in the shops).

The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 10:52 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
And enforcing it with HSTS:

SSL Report: lddb.com
Attachment:
SSL.png
SSL.png [ 20.08 KiB | Viewed 1471 times ]


Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 12:44 
Genuinely interested
Genuinely interested
User avatar

Joined: 12 Dec 2016, 13:13
Posts: 35
Location: Switzerland
Has thanked: 1 time
Been thanked: 1 time
admin wrote:

The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!


Why don't you use Let's Encrypt? Free stuff is always great :D
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 05 Sep 2018, 05:41 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
spyral wrote:
Why don't you use Let's Encrypt? Free stuff is always great :D


Just needed to get used to the way this works to trust it enough :-P

forum.lddb.com is "let's encrypted" now!

Attachment:
cert.png
cert.png [ 6.17 KiB | Viewed 434 times ]


Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 05 Sep 2018, 14:45 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
admin wrote:
forum.lddb.com is "let's encrypted" now!


I am experiencing some trouble switching from a PC to another PC.

If the forum will not log you in automatically, just make sure that the URL has https://forum.lddb.com in front of it!

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 06 Sep 2018, 22:05 
Jedi Knight
Jedi Knight
User avatar

Joined: 03 May 2004, 19:05
Posts: 4814
Location: United States
Has thanked: 22 times
Been thanked: 49 times
Thank you for posting that, I wasn't able to even read this topic until I saw your post on the main page.
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 07 Sep 2018, 13:42 
True fan
True fan
User avatar

Joined: 24 May 2016, 01:40
Posts: 319
Location: NY USA
Has thanked: 18 times
Been thanked: 25 times
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.
_________________
-LD Collection
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 10 Sep 2018, 03:15 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
sjoerg wrote:
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.


Yes, sorry about that, moving phpBB3 from http to https isn't as smooth as expected. Turns out it keeps some cookie information on how to connect and will revert to http sometimes, blocking the auto-login mechanism :-(

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 26 Sep 2018, 21:11 
Knows how to post
Knows how to post
User avatar

Joined: 18 Jun 2014, 22:06
Posts: 14
Location: United States
Has thanked: 0 time
Been thanked: 1 time
Firefox 62 on Fedora 28 Linux gives:

Might also be my problem, unsure yet.

Secure Connection Failed

An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Chromium on same OS works ok.

Windows Firefox works fine.
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 27 Sep 2018, 04:18 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2086
Location: APAC
Has thanked: 65 times
Been thanked: 89 times
bryanb wrote:
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO


Yes my Windows FF 62.0.2 (64-bit) is quite happy.

Only thing I changed few days ago was to upgrade GNUTLS from 3.6.2 to 3.6.4.

Maybe it's a TLS 1.3 issue? Does your Browser tell you which TLS version it's trying to negotiate?

Quote:
Improved SSL/TLS Handshake

The second major thing that sets TLS 1.3 apart from its predecessors is its upgraded version of the SSL/TLS handshake. Before a secure connection is established between the client and the server, a handshake process is carried out between both the parties. This handshake involves a series of back-and-forth communication steps between the client and the server to validate each other’s and negotiate the terms of the data transfer.


  • Search for about:config in the address bar and press enter
  • In the search space, search for tls.version.max

3 = TLS1.2
4 = TLS1.3

Running another round of SSLLABS validation...

forum.lddb.com is using letsencrypt.org => A+
www.lddb.com is using gandi.net => A+

No handshake issues... Bug in FF for Fedora?

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 27 Sep 2018, 06:21 
Knows how to post
Knows how to post
User avatar

Joined: 18 Jun 2014, 22:06
Posts: 14
Location: United States
Has thanked: 0 time
Been thanked: 1 time
I only use FF on linux at work. Mac, at home (works fine so far). I'll try and double check the TLS thing later. I know I saw it in Chromium, but don't recall FF...
Offline
 Profile  
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 02 Oct 2018, 17:41 
Knows how to post
Knows how to post
User avatar

Joined: 18 Jun 2014, 22:06
Posts: 14
Location: United States
Has thanked: 0 time
Been thanked: 1 time
Firefox 62.0.2 Fedora 28. Had to change security.tls.version.max to 3, and now the site works fine. Bug in FF for Fedora / Linux?
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 12 posts ] 


Who is online

Users browsing this forum: firehorse_44 and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to: