Website encryption?

Problem? Question? Suggestion? Post it here.
Post Reply
User avatar
Clay
Articles: 0
Posts: 7138
Joined: Mon May 24, 2004 2:19 am
Location: Murray, KY

Website encryption?

Post by Clay »

I get a warning similar to this in the address bar:

Warning: this website does not support encryption for the page you are viewing.

This is on both the laptop with firefox (60.0.2, updated this month), and on the phone with whatever internet app is on it. Anyone else?
User avatar
Denyer
Articles: 3
Posts: 32515
Joined: Sun Sep 17, 2000 4:00 am
Contact:

Post by Denyer »

At a guess, Firefox have started doing something similar to Chrome where a site with what it assumes is a login form (i.e. fields marked username/password or similar) is flagged as not secure if it isn't using https. Chrome isn't particularly in-your-face about it, whereas it sounds as if Mozilla are being a bit more histrionic.

There's far more chance that someone with physical access to a device you're using will retrieve the browser cookie, which is sufficient to authenticate, and most workplaces and public access points MITM tamper with https traffic so they can filter it, so whilst it's with good intentions the protection is rather circumscribed.

Certificates aren't all they're cracked up to be either;
https://arstechnica.com/information-tec ... tps-certs/

I looked at https://letsencrypt.org/ for my own site, but it's not particularly straightforward unless a host has the control panel integration (and hosts are generally resellers for paid certificate providers).

TL;DR it's probably not going to change any time soon. And I think realistically this place is on a wind down -- I'll get the forum onto a version that supports PHP7 when I can make time, but I think it's past major changes.

On a complete tangent, last I noticed Mozilla had decided they wanted to hemorrhage users by breaking extensions like DownThemAll and refusing to modify their API.

edit:

Some interesting discussion on the http/https thing --

https://tech.slashdot.org/story/18/06/3 ... -misguided
User avatar
Clay
Articles: 0
Posts: 7138
Joined: Mon May 24, 2004 2:19 am
Location: Murray, KY

Post by Clay »

Thanks.
Denyer wrote:TL;DR it's probably not going to change any time soon. And I think realistically this place is on a wind down -- I'll get the forum onto a version that supports PHP7 when I can make time, but I think it's past major changes.
Yeah, but I don't want to give up on the place. I know there're other forums/communities, but it's the people here I like.
User avatar
TFArchive
Articles: 0
Posts: 357
Joined: Sat Jan 19, 2002 12:58 am
Custom Title: King Lurker
Location: Ottawa, Ontario
Contact:

Post by TFArchive »

Hey Guys,

I am forever grateful to you for keeping this place alive even though I've basically not had anything to do with it for 10 years now.

The site is so cheap to maintain these days that I will likely keep it online as long as possible, but I don't fault anyone for moving on after so many years.

I'm more than happy to get a cert for the site to ensure browsers don't block us in the future. I would suggest we do some upgrades before in case there are issues with certs in our ancient version of the software (OS and forum).

As you know, I'm way out of practice on updating the forum software, especially with the modifications we use but I'm more than willing to help out where possible. The site if backed up every morning at 4 AM eastern so if something breaks we can roll back to the previous day and if an mysqldump is taken we wouldn't lose any forum posts.

Thanks again.
Image
--
Brendan Reilly
The Transformers Archive
http://tfarchive.com/
User avatar
Brendocon 2.0
Articles: 0
Posts: 1545
Joined: Fri Feb 28, 2014 9:06 pm
Location: UK

Post by Brendocon 2.0 »

Clay wrote:it's the people here I like.
Sounds fake
User avatar
StoneCold Skywarp
Articles: 3
Posts: 6287
Joined: Sat Sep 16, 2000 4:00 am
Custom Title: Best Served Chilled
Location: UK

Post by StoneCold Skywarp »

Brendocon 2.0 wrote:Sounds fake
Confirmed bot. Banhammer required.

*waves at bossmonkey and leaves*
User avatar
Denyer
Articles: 3
Posts: 32515
Joined: Sun Sep 17, 2000 4:00 am
Contact:

Post by Denyer »

TFArchive wrote:Hey Guys,

I am forever grateful to you for keeping this place alive even though I've basically not had anything to do with it for 10 years now.

The site is so cheap to maintain these days that I will likely keep it online as long as possible, but I don't fault anyone for moving on after so many years.

I'm more than happy to get a cert for the site to ensure browsers don't block us in the future. I would suggest we do some upgrades before in case there are issues with certs in our ancient version of the software (OS and forum).

As you know, I'm way out of practice on updating the forum software, especially with the modifications we use but I'm more than willing to help out where possible. The site if backed up every morning at 4 AM eastern so if something breaks we can roll back to the previous day and if an mysqldump is taken we wouldn't lose any forum posts.

Thanks again.
As always, huge thanks to you for keeping the place a going concern for this long, it's still a very regular visit and place to keep up with people although life's caught up with most of us time-wise (mostly trying to renovate a house, personally).

If it's practical the free Let's Encrypt Certbot route is the way I'd go and on this kind of hosting it probably is. (Is this still a RH-type distro?)

Fingers crossed the forum on current branch shouldn't be too tricky -- the maintainers seem to have recognised that this major version is still widespread, particularly amongst what's left of the vbulletin.org modding community (there's been some kind of major parting of the ways with the owners and the people who were helming the latter though).

Will try to get it done sooner rather than later to give time to sort out OS/package upgrades.
User avatar
kerryjay
Protoform
Articles: 0
Posts: 1
Joined: Fri Aug 03, 2018 11:26 am

wordpress

Post by kerryjay »

why don t you try WordPress ?
User avatar
TFArchive
Articles: 0
Posts: 357
Joined: Sat Jan 19, 2002 12:58 am
Custom Title: King Lurker
Location: Ottawa, Ontario
Contact:

Re: Website encryption?

Post by TFArchive »

I have applied a cert and enabled https redirection. You might need to close and re-open your tab.

Please let me know if you find any issues.

Thanks
User avatar
Denyer
Articles: 3
Posts: 32515
Joined: Sun Sep 17, 2000 4:00 am
Contact:

Re: Website encryption?

Post by Denyer »

I've mentioned the certificate expiring to B, don't think I've got access at the moment to the account needed to fix it.

edit: I can turn off the auto-redirection from http to https though. Visitors using Chrome/Chromium/etc may want to hit Ctrl+Shift+R to fully refresh the page once they've made sure they're using http.
User avatar
TFArchive
Articles: 0
Posts: 357
Joined: Sat Jan 19, 2002 12:58 am
Custom Title: King Lurker
Location: Ottawa, Ontario
Contact:

Re: Website encryption?

Post by TFArchive »

Sorry about that, I never got an e-mail that it was expiring. It is renewed now until October.
User avatar
Denyer
Articles: 3
Posts: 32515
Joined: Sun Sep 17, 2000 4:00 am
Contact:

Re: Website encryption?

Post by Denyer »

Cheers. Does the automation cause issues with other things? I think the current version of certbot creates jobs unless told not to (and that's all my host does, AFAIK).
User avatar
TFArchive
Articles: 0
Posts: 357
Joined: Sat Jan 19, 2002 12:58 am
Custom Title: King Lurker
Location: Ottawa, Ontario
Contact:

Re: Website encryption?

Post by TFArchive »

I will look at enabling certbot or other automation. Thanks
Post Reply