LaserDisc Database https://forum.lddb.com/ |
Moving completely LDDb.com to HTTPS https://forum.lddb.com/viewtopic.php?f=2&t=7628 |
Author: | admin [ 14 Feb 2018, 09:39 ] |
Post subject: | Moving completely LDDb.com to HTTPS |
Hello everyone!

Since Google was already penalizing websites with no Secure HTTP and that Chrome will soon highlight all non-HTTPS sites as insecure...

https://www.valet.io/google-penalize-websites-not-ssl-2017/
https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/

All pages of LDDb.com will now be served over HTTPS.

I still have to find out which ones still have external contents served over HTTP (leading to mixed contents that are a BAD thing). I already fixed the IMDB auto-ranking script yesterday, but there might be more (like MOST of the pictures provided externally in the shops).

The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!

Julien |
Author: | admin [ 14 Feb 2018, 10:52 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
And enforcing it with HSTS: SSL Report: lddb.com

Julien |
Author: | spyral [ 14 Feb 2018, 12:44 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
admin wrote: The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!

Why don't you use Let's Encrypt? Free stuff is always great |
Author: | admin [ 05 Sep 2018, 05:41 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
spyral wrote: Why don't you use Let's Encrypt? Free stuff is always great

Just needed to get used to the way this works to trust it enough

forum.lddb.com is "let's encrypted" now!

Attachment: cert.png

Julien |
Author: | admin [ 05 Sep 2018, 14:45 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
admin wrote: forum.lddb.com is "let's encrypted" now!

I am experiencing some trouble switching from a PC to another PC. If the forum will not log you in automatically, just make sure that the URL has https://forum.lddb.com in front of it!

Julien |
Author: | rein-o [ 06 Sep 2018, 22:05 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
Thank you for posting that, I wasn't able to even read this topic until I saw your post on the main page. |
Author: | sjoerg [ 07 Sep 2018, 13:42 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post. |
Author: | admin [ 10 Sep 2018, 03:15 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
sjoerg wrote: I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.

Yes, sorry about that, moving phpBB3 from http to https isn't as smooth as expected. Turns out it keeps some cookie information on how to connect and will revert to http sometimes, blocking the auto-login mechanism

Julien |
Author: | bryanb [ 26 Sep 2018, 21:11 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
Firefox 62 on Fedora 28 Linux gives: Might also be my problem, unsure yet.

Secure Connection Failed
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Chromium on same OS works ok. Windows Firefox works fine. |
Author: | admin [ 27 Sep 2018, 04:18 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
bryanb wrote: An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Yes my Windows FF 62.0.2 (64-bit) is quite happy. Only thing I changed a few days ago was to upgrade GNUTLS from 3.6.2 to 3.6.4.

Maybe it's a TLS 1.3 issue? Does your browser tell you which TLS version it's trying to negotiate?

Quote: Improved SSL/TLS Handshake
The second major thing that sets TLS 1.3 apart from its predecessors is its upgraded version of the SSL/TLS handshake. Before a secure connection is established between the client and the server, a handshake process is carried out between both the parties. This handshake involves a series of back-and-forth communication steps between the client and the server to validate each other’s and negotiate the terms of the data transfer.

3 = TLS1.2
4 = TLS1.3

Running another round of SSLLABS validation...

forum.lddb.com is using letsencrypt.org => A+
www.lddb.com is using gandi.net => A+

No handshake issues... Bug in FF for Fedora?

Julien |
Author: | bryanb [ 27 Sep 2018, 06:21 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
I only use FF on linux at work. Mac, at home (works fine so far). I'll try and double check the TLS thing later. I know I saw it in Chromium, but don't recall FF... |
Author: | bryanb [ 02 Oct 2018, 17:41 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
Firefox 62.0.2 Fedora 28. Had to change security.tls.version.max to 3, and now the site works fine. Bug in FF for Fedora / Linux? |
Author: | admin [ 23 Oct 2018, 15:23 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
bryanb wrote: An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Turns out both Chrome 70 and Firefox 63 are enabling the final version of TLS 1.3 that is not enabled on LDDb.

However the combo GNUTLS/mod_gnutls for Apache 2.4.x proved to be a problem. I switched all HTTPS handling from GNUTLS to OPENSSL and it seems to improve things a little. But still not perfect.

The forum keeps coming back to HTTP instead of HTTPS and I have no idea why!

Julien |
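On the question raised in this thread of which TLS version is actually negotiated: the selected version can be read from a captured ServerHello, where TLS 1.3 is signalled in the `supported_versions` extension and pre-RFC drafts carried their own version codes. This is an added example, not part of the original thread; the sample records are constructed by the helper `build_server_hello`, a hypothetical name.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2",
         0x0304: "TLS 1.3 (RFC 8446)"}

def version_name(code):
    if code >> 8 == 0x7F:  # pre-RFC TLS 1.3 drafts used 0x7f00 | draft number
        return "TLS 1.3 draft-%d" % (code & 0xFF)
    return NAMES.get(code, "unknown 0x%04x" % code)

def negotiated_version(record):
    """Return the version a ServerHello record selects; ValueError if malformed."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(body) != hs_len or hs_len < 38:
        raise ValueError("inconsistent or truncated lengths")
    legacy = int.from_bytes(body[0:2], "big")
    pos = 34                      # legacy_version (2) + random (32)
    pos += 1 + body[pos]          # legacy_session_id_echo
    pos += 3                      # cipher_suite (2) + compression_method (1)
    if pos == len(body):          # no extensions at all: TLS 1.2 or older
        return version_name(legacy)
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    if end != len(body):          # also catches a session id that overruns
        raise ValueError("extensions length does not match the message")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension")
        if ext_type == 43:        # supported_versions carries the real version
            if ext_len != 2:
                raise ValueError("bad supported_versions in ServerHello")
            return version_name(int.from_bytes(data, "big"))
        pos += 4 + ext_len
    return version_name(legacy)   # extensions present but none selects 1.3

def build_server_hello(selected=None, suite=0x1301):  # constructed sample input
    # All-zero random and empty session id; the parser ignores the cipher suite.
    body = struct.pack(">H32sBHB", 0x0303, bytes(32), 0, suite, 0)
    if selected is not None:
        ext = struct.pack(">HHH", 43, 2, selected)
        body += struct.pack(">H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack(">H", len(hs)) + hs
```

The record-layer and `legacy_version` fields read 0x0303 in every sample, so only the extension distinguishes a final TLS 1.3 answer from a draft or a TLS 1.2 one.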
Author: | admin [ 12 Dec 2018, 23:04 ] |
Post subject: | Re: Moving completely LDDb.com to HTTPS |
Well, SSLLABS.com upgraded their tests and both lddb.com and forum.lddb.com were only graded B.

I updated the cipher suites to match recent browsers and get the A+ ranking as well.

Julien |
All times are UTC [ DST ] |