 Page 1 of 1 [ 14 posts ] 
 Post subject: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 09:39 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Hello everyone!

Since Google was already penalizing websites with no Secure HTTP and Chrome will soon highlight all non-HTTPS sites as insecure...

https://www.valet.io/google-penalize-websites-not-ssl-2017/
https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/

All pages of LDDb.com will now be served over HTTPS.
I still have to find out which ones still have external content served over HTTP (leading to mixed content, which is a BAD thing).
I already fixed the IMDB auto-ranking script yesterday, but there might be more (like MOST of the pictures provided externally in the shops).

The only remaining non-secure section will be the Forum because... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 10:52 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
And enforcing it with HSTS:

SSL Report: lddb.com
Attachment: SSL.png


Julien
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 14 Feb 2018, 12:44 
Genuinely interested
Joined: 12 Dec 2016, 13:13
Posts: 42
Location: Switzerland
Has thanked: 1 time
Been thanked: 2 times
admin wrote:

The only remaining non-secure section will be the Forum because... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!


Why don't you use Let's Encrypt? Free stuff is always great :D
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 05 Sep 2018, 05:41 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
spyral wrote:
Why don't you use Let's Encrypt? Free stuff is always great :D


Just needed to get used to the way this works to trust it enough :-P

forum.lddb.com is "let's encrypted" now!

Attachment: cert.png


Julien
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 05 Sep 2018, 14:45 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
admin wrote:
forum.lddb.com is "let's encrypted" now!


I am experiencing some trouble switching from one PC to another.

If the forum does not log you in automatically, just make sure that the URL has https://forum.lddb.com in front of it!

Julien
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 06 Sep 2018, 22:05 
Jedi Master
Joined: 03 May 2004, 19:05
Posts: 8093
Location: Dullaware
Has thanked: 1218 times
Been thanked: 841 times
Thank you for posting that, I wasn't able to even read this topic until I saw your post on the main page.
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 07 Sep 2018, 13:42 
True fan
Joined: 24 May 2016, 01:40
Posts: 297
Location: NY USA
Has thanked: 18 times
Been thanked: 29 times
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.
_________________
-LD Collection
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 10 Sep 2018, 03:15 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
sjoerg wrote:
I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post.


Yes, sorry about that, moving phpBB3 from http to https isn't as smooth as expected. Turns out it keeps some cookie information on how to connect and will revert to http sometimes, blocking the auto-login mechanism :-(

Julien
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 26 Sep 2018, 21:11 
Shows curiousity
Joined: 18 Jun 2014, 22:06
Posts: 27
Location: United States
Has thanked: 0 time
Been thanked: 1 time
Firefox 62 on Fedora 28 Linux gives:

Might also be my problem, unsure yet.

Secure Connection Failed

An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO

Chromium on same OS works ok.

Windows Firefox works fine.
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 27 Sep 2018, 04:18 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
bryanb wrote:
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO


Yes, my Windows FF 62.0.2 (64-bit) is quite happy.

The only thing I changed a few days ago was to upgrade GNUTLS from 3.6.2 to 3.6.4.

Maybe it's a TLS 1.3 issue? Does your browser tell you which TLS version it's trying to negotiate?

Quote:
Improved SSL/TLS Handshake

The second major thing that sets TLS 1.3 apart from its predecessors is its upgraded version of the SSL/TLS handshake. Before a secure connection is established between the client and the server, a handshake process is carried out between both the parties. This handshake involves a series of back-and-forth communication steps between the client and the server to validate each other’s and negotiate the terms of the data transfer.


  • Search for about:config in the address bar and press enter
  • In the search space, search for tls.version.max

3 = TLS1.2
4 = TLS1.3

Running another round of SSLLABS validation...

forum.lddb.com is using letsencrypt.org => A+
www.lddb.com is using gandi.net => A+

No handshake issues... Bug in FF for Fedora?

Julien
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 27 Sep 2018, 06:21 
Shows curiousity
Joined: 18 Jun 2014, 22:06
Posts: 27
Location: United States
Has thanked: 0 time
Been thanked: 1 time
I only use FF on Linux at work. Mac, at home (works fine so far). I'll try and double check the TLS thing later. I know I saw it in Chromium, but don't recall FF...
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 02 Oct 2018, 17:41 
Shows curiousity
Joined: 18 Jun 2014, 22:06
Posts: 27
Location: United States
Has thanked: 0 time
Been thanked: 1 time
Firefox 62.0.2 Fedora 28. Had to change security.tls.version.max to 3, and now the site works fine. Bug in FF for Fedora / Linux?
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 23 Oct 2018, 15:23 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
bryanb wrote:
An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO


Turns out both Chrome 70 and Firefox 63 are enabling the final version of TLS 1.3 that is not enabled on LDDb.
However the combo GNUTLS/mod_gnutls for Apache 2.4.x proved to be a problem.

I switched all HTTPS handling from GNUTLS to OPENSSL and it seems to improve things a little.

But still not perfect. The forum keeps coming back to HTTP instead of HTTPS and I have no idea why!

Julien
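Added example, not part of any post in this thread: when a client and a server both advertise "TLS 1.3" but one speaks a draft and the other the final RFC 8446, the version the server actually picked is visible in the ServerHello's supported_versions extension (0x0304 for final, 0x7fNN for draft NN). The parser below reads it from one raw ServerHello record, such as bytes taken from a packet capture; the sample records are constructed, and the layout assumed is the RFC 8446 / TLS 1.2 ServerHello.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3 (RFC 8446)"}

def version_name(v):
    if v >> 8 == 0x7F:                      # 0x7fNN marks TLS 1.3 draft NN
        return f"TLS 1.3 draft-{v & 0xFF}"
    return NAMES.get(v, f"unknown 0x{v:04x}")

def negotiated_version(record):
    """Return the version the server selected, given one ServerHello record."""
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a ServerHello record")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    body = record[5:5 + rec_len]
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:                     # version, random, sid len, suite, compression
        raise ValueError("truncated ServerHello")
    legacy = struct.unpack_from("!H", hello, 0)[0]
    pos = 2 + 32                            # skip legacy_version and random
    pos += 1 + hello[pos]                   # skip session_id
    pos += 2 + 1                            # skip cipher_suite and compression_method
    if pos + 2 > len(hello):                # no extensions block: TLS 1.2 or older
        return version_name(legacy)
    ext_end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    if ext_end > len(hello):
        raise ValueError("truncated extensions")
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", hello, pos)
        if etype == 43 and elen == 2:       # supported_versions carries selected_version
            return version_name(struct.unpack_from("!H", hello, pos + 4)[0])
        pos += 4 + elen
    return version_name(legacy)

def build_server_hello(selected=None):
    """Constructed sample record; random and session_id are zero filler."""
    suite = 0x1301 if selected else 0xC02F
    hello = struct.pack("!H", 0x0303) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if selected:
        ext = struct.pack("!HHH", 43, 2, selected)
        hello += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0303, len(hs)) + hs

if __name__ == "__main__":
    for v in (0x0304, 0x7F1C, None):
        print(negotiated_version(build_server_hello(v)))
```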
 
 Post subject: Re: Moving completely LDDb.com to HTTPS
PostPosted: 12 Dec 2018, 23:04 
Site Admin
Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Well,

SSLLABS.com upgraded their tests and both lddb.com and forum.lddb.com were only graded B.

I updated the cipher suites to match recent browsers and get the A+ ranking as well.


Julien