English Amiga Board


Go Back   English Amiga Board > abime.net - Home Projects > project.EAB

 
 
Thread Tools
Old 15 October 2019, 17:15   #21
mintsauce82
Junior Member
mintsauce82's Avatar
 
Join Date: Apr 2003
Location: Canada
Age: 37
Posts: 74
Quote:
It's as simple as that. Whether you're a bank or an Amiga forum, it should be encrypted.
Hear hear. It is a huge concern that the site doesn't use HTTPS at all. Having to log in over port 80 is a no-no.

It's a sad reality that if you want to do anything on the net these days, it's a good idea to encrypt. Common sense even. To do otherwise is a massive security risk.

If that means leaving Amigas unable to log in, then so be it. Security is much more important. Browse the forum on a modern computer.
mintsauce82 is offline  
Old 18 October 2019, 14:56   #22
gimbal
cheeky scoundrel
gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 38
Posts: 3,437
He he, something tells me our overlord is activating https right now because I'm seeing errors to that effect
gimbal is offline  
Old 18 October 2019, 15:04   #23
RCK
Administrator

RCK's Avatar
 
Join Date: Feb 2001
Location: Paris / France
Age: 41
Posts: 2,948
Done !

You can now access EAB with or without HTTPS, it's up to you
http://eab.abime.net/
https://eab.abime.net/
RCK is offline  
Old 18 October 2019, 15:17   #24
DamienD
Global Moderator

DamienD's Avatar
 
Join Date: Aug 2005
Location: London / Sydney
Age: 43
Posts: 15,418
Nice; many thanks RCK
DamienD is offline  
Old 18 October 2019, 15:25   #25
mintsauce82
Junior Member
mintsauce82's Avatar
 
Join Date: Apr 2003
Location: Canada
Age: 37
Posts: 74
Excellent! Very much appreciated, thank you RCK
mintsauce82 is offline  
Old 18 October 2019, 16:13   #26
gimbal
cheeky scoundrel
gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 38
Posts: 3,437
For some reason Chrome is not fully happy with it though, it claims the site is not fully secure without really telling why.
gimbal is offline  
Old 18 October 2019, 17:03   #27
solarmon
Registered User

solarmon's Avatar
 
Join Date: Dec 2018
Location: UK
Posts: 460
A comprehensive SSL check can be done at:

https://www.ssllabs.com/ssltest/anal...ime.net&latest

It looks like the main issue is that the web server is still offering weak ciphers and protocols (like TLS 1.1 and 1.2)
solarmon is offline  
Old 18 October 2019, 17:16   #28
demolition
Unregistered User
demolition's Avatar
 
Join Date: Sep 2012
Location: Copenhagen / DK
Age: 39
Posts: 3,969
Quote:
Originally Posted by gimbal View Post
For some reason Chrome is not fully happy with it though, it claims the site is not fully secure without really telling why.
Firefox says that while the certificate is valid for the main page, it contains elements from outside *.abime.net which means that it could be leaking information. Hence it will not show a green pad lock.
demolition is offline  
Old 18 October 2019, 17:16   #29
RCK
Administrator

RCK's Avatar
 
Join Date: Feb 2001
Location: Paris / France
Age: 41
Posts: 2,948
Quote:
Originally Posted by gimbal View Post
For some reason Chrome is not fully happy with it though, it claims the site is not fully secure without really telling why.
It's because of HOL's search box which is not in HTTPS
Look at one simpler site like https://mods.abime.net/, no problem.

This will be better when HOL will be moved on new server.
RCK is offline  
Old 18 October 2019, 17:17   #30
RCK
Administrator

RCK's Avatar
 
Join Date: Feb 2001
Location: Paris / France
Age: 41
Posts: 2,948
Quote:
Originally Posted by solarmon View Post
A comprehensive SSL check can be done at:

https://www.ssllabs.com/ssltest/anal...ime.net&latest

It looks like the main issue is that the web server is still offering weak ciphers and protocols (like TLS 1.1 and 1.2)
This is not the main problem, and I want to support weak ciphers for old browsers.
RCK is offline  
Old 18 October 2019, 17:22   #31
gimbal
cheeky scoundrel
gimbal's Avatar
 
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 38
Posts: 3,437
It's clear, the boss is on it.

One thing I did notice on the ssl labs page is that the SSL certificate expires in only three months, that seems a little short. But maybe that's just how Let's Encrypt operates? I don't actually have any experience with them.
gimbal is offline  
Old 18 October 2019, 20:24   #32
nogginthenog
Amigan

 
Join Date: Feb 2012
Location: London
Posts: 857
Yes, that's how Let's Encrypt works. Generally you install a job to auto-renew every 30 days or so.
nogginthenog is offline  
Old 19 October 2019, 20:13   #33
cloverskull
Registered User

 
Join Date: Sep 2018
Location: California
Posts: 65
Thanks!
cloverskull is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
https://www.imageupload.co.uk/ DamienD OT - General 31 22 September 2019 15:44
HTTPS Downgrader - surf the web with your amiga again! Cego support.Apps 0 07 January 2019 07:50
iBrowse and HTTPS sites? stu232 support.Apps 4 23 November 2014 20:54
ACATune not supported Retrofan support.Other 3 03 September 2012 02:24
games that need to be supported dlfrsilver Games images which need to be WHDified 0 08 January 2006 02:25

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 02:40.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
Page generated in 0.08925 seconds with 15 queries