|
It is currently 26 Apr 2024, 14:51
|
View unsolved topics | View unanswered posts
|
|
|
|
Author |
Message |
admin
|
Post subject: Moving completely LDDb.com to HTTPS Posted: 14 Feb 2018, 09:39 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
Hello everyone! Since Google was already penalizing website with no Secure HTTP and that Chrome will soon highlight all non-HTTPS sites as insecure... https://www.valet.io/google-penalize-websites-not-ssl-2017/https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/All pages of LDDb.com will now be served over HTTPS. I still have to find out which ones still have external contents served over HTTP (leading to mixed contents that are a BAD thing). I already fixed the IMDB auto-ranking script yesterday, but there might be more (like MOST of the pictures provided externally in the shops). The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com /forum, I need to buy a different certificate first! Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 14 Feb 2018, 10:52 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
And enforcing it with HSTS: SSL Report: lddb.comAttachment:
SSL.png [ 20.08 KiB | Viewed 8582 times ]
Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
spyral
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 14 Feb 2018, 12:44 |
Genuinely interested |
|
|
Joined: 12 Dec 2016, 13:13 Posts: 42 Location: Switzerland Has thanked: 1 time Been thanked: 2 times
|
admin wrote: The only remaining section non-secure will be the Forum because.... being forum.lddb.com and not lddb.com/forum, I need to buy a different certificate first!
Why don't you use Let's Encrypt? Free stuff is always great
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 05 Sep 2018, 05:41 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
spyral wrote: Why don't you use Let's Encrypt? Free stuff is always great Just needed to get used to the way this works to trust it enough forum.lddb.com is "let's encrypted" now! Attachment:
cert.png [ 6.17 KiB | Viewed 7545 times ]
Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 05 Sep 2018, 14:45 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
admin wrote: forum.lddb.com is "let's encrypted" now! I am experiencing some trouble switching from a PC to another PC. If the forum will not log you in automatically, just make sure that the URL has https://forum.lddb.com in front of it! Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 10 Sep 2018, 03:15 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
sjoerg wrote: I was struggling with the log in earlier too but things seem back to normal for me now, thanks for the post. Yes, sorry about that, moving phpBB3 from http to https isn't as smooth as expected. Turns out it keeps some cookie information on how to connect and will revert to http sometimes, blocking the auto-login mechanism Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 27 Sep 2018, 04:18 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
bryanb wrote: An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO Yes my Windows FF 62.0.2 (64-bit) is quite happy. Only thing I changed few days ago was to upgrade GNUTLS from 3.6.2 to 3.6.4. Maybe it's a TLS 1.3 issue? Does your Browser tell you which TLS version it's trying to negotiate? Quote: Improved SSL/TLS Handshake
The second major thing that sets TLS 1.3 apart from its predecessors is its upgraded version of the SSL/TLS handshake. Before a secure connection is established between the client and the server, a handshake process is carried out between both the parties. This handshake involves a series of back-and-forth communication steps between the client and the server to validate each other’s and negotiate the terms of the data transfer. - Search for about:config in the address bar and press enter
- In the search space, search for tls.version.max
3 = TLS1.2 4 = TLS1.3 Running another round of SSLLABS validation... forum.lddb.com is using letsencrypt.org => A+ www.lddb.com is using gandi.net => A+ No handshake issues... Bug in FF for Fedora? Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 23 Oct 2018, 15:23 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
bryanb wrote: An error occurred during a connection to forum.lddb.com. SSL received a malformed Server Hello handshake message. Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO Turns out both Chrome 70 and Firefox 63 are enabling the final version of TLS 1.3 that is not enabled on LDDb. However the combo GNUTLS/mod_gnutls for Apache 2.4.x proved to be a problem. I switched all HTTPS handling from GNUTLS to OPENSSL and it seems to improve things a little. But still not perfect. The forum keeps coming back to HTTP instead of HTTPS and I have no idea why! Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
admin
|
Post subject: Re: Moving completely LDDb.com to HTTPS Posted: 12 Dec 2018, 23:04 |
Site Admin |
|
|
Joined: 07 Aug 2002, 23:37 Posts: 4551 Location: Tokyo Has thanked: 295 times Been thanked: 1147 times
|
Well, SSLLABS.com upgraded their tests and both lddb.com and forum.lddb.com were only graded B. I updated the cypher suites to match recent browsers and get the A+ ranking as well. Julien
_________________ HARDWARE DATABASE HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
|
|
|
|
|
|
|
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|