LaserDisc Database
https://forum.lddb.com/

Moving completely LDDb.com to HTTPS
https://forum.lddb.com/viewtopic.php?f=2&t=7628

Author:  admin [ 14 Feb 2018, 09:39 ]
Post subject:  Moving completely LDDb.com to HTTPS

Hello everyone!

Since Google was already penalizing websites with no Secure HTTP and Chrome will soon highlight all non-HTTPS sites as insecure...

https://www.valet.io/google-penalize-websites-not-ssl-2017/
https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/

All pages of LDDb.com will now be served over HTTPS.
I still have to find out which ones still have external content served over HTTP (leading to mixed content, which is a BAD thing).
I already fixed the IMDB auto-ranking script yesterday, but there might be more (like MOST of the pictures provided externally in the shops).

The only remaining non-secure section will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!

Julien

Author:  admin [ 14 Feb 2018, 10:52 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

And enforcing it with HSTS:

SSL Report: lddb.com
Attachment: SSL.png


Julien

Author:  spyral [ 14 Feb 2018, 12:44 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

admin wrote:

The only remaining non-secure section will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!


Why don't you use Let's Encrypt? Free stuff is always great :D

Author:  admin [ 05 Sep 2018, 05:41 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

spyral wrote:
Why don't you use Let's Encrypt? Free stuff is always great :D


Just needed to get used to the way this works to trust it enough :-P

forum.lddb.com is "let's encrypted" now!

Attachment: cert.png


Julien

Author:  admin [ 05 Sep 2018, 14:45 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

admin wrote:
forum.lddb.com is "let's encrypted" now!


I am experiencing some trouble switching from one PC to another.

If the forum does not log you in automatically, just make sure that the URL has https://forum.lddb.com in front of it!

Julien

Author:  rein-o [ 06 Sep 2018, 22:05 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

Thank you for posting that, I wasn't able to even read this topic until I saw your post on the main page.

Author:  sjoerg [ 07 Sep 2018, 13:42 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.

Author:  admin [ 10 Sep 2018, 03:15 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

sjoerg wrote:
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.


Yes, sorry about that, moving phpBB3 from http to https isn't as smooth as expected. Turns out it keeps some cookie information on how to connect and will revert to http sometimes, blocking the auto-login mechanism :-(

Julien

Author:  bryanb [ 26 Sep 2018, 21:11 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

Firefox 62 on Fedora 28 Linux gives:

Might also be my problem, unsure yet.

Secure Connection Failed

An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Chromium on same OS works ok.

Windows Firefox works fine.

Author:  admin [ 27 Sep 2018, 04:18 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

bryanb wrote:
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO


Yes, my Windows FF 62.0.2 (64-bit) is quite happy.

The only thing I changed a few days ago was to upgrade GNUTLS from 3.6.2 to 3.6.4.

Maybe it's a TLS 1.3 issue? Does your browser tell you which TLS version it's trying to negotiate?

Quote:
Improved SSL/TLS Handshake

The second major thing that sets TLS 1.3 apart from its predecessors is its upgraded version of the SSL/TLS handshake. Before a secure connection is established between the client and the server, a handshake process is carried out between both the parties. This handshake involves a series of back-and-forth communication steps between the client and the server to validate each other’s and negotiate the terms of the data transfer.


  • Search for about:config in the address bar and press enter
  • In the search space, search for tls.version.max

3 = TLS1.2
4 = TLS1.3

Running another round of SSLLABS validation...

forum.lddb.com is using letsencrypt.org => A+
www.lddb.com is using gandi.net => A+

No handshake issues... Bug in FF for Fedora?

Julien

Author:  bryanb [ 27 Sep 2018, 06:21 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

I only use FF on Linux at work. Mac, at home (works fine so far). I'll try and double check the TLS thing later. I know I saw it in Chromium, but don't recall FF...

Author:  bryanb [ 02 Oct 2018, 17:41 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

Firefox 62.0.2 Fedora 28. Had to change security.tls.version.max to 3, and now the site works fine. Bug in FF for Fedora / Linux?

Author:  admin [ 23 Oct 2018, 15:23 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

bryanb wrote:
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO


Turns out both Chrome 70 and Firefox 63 are enabling the final version of TLS 1.3 that is not enabled on LDDb.
However, the combo GNUTLS/mod_gnutls for Apache 2.4.x proved to be a problem.

I switched all HTTPS handling from GNUTLS to OPENSSL and it seems to improve things a little.

But still not perfect. The forum keeps coming back to HTTP instead of HTTPS and I have no idea why!

Julien

Author:  admin [ 12 Dec 2018, 23:04 ]
Post subject:  Re: Moving completely LDDb.com to HTTPS

Well,

SSLLABS.com upgraded their tests and both lddb.com and forum.lddb.com were only graded B.

I updated the cipher suites to match recent browsers and get the A+ ranking as well.


Julien

All times are UTC [ DST ]