December 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to mattcoder Attachments:
| +1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work. Adil On Sun, Dec 6, 2015 at 10:42 AM, mattcoder via Digitalmars-d-announce < digitalmars-d-announce@puremagic.com> wrote: > On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote: > >> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts. >> > > This is what I get when I try: https://www.dlang.org/ > > "Your connection is not private > > Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID" > > Matheus. > | |||
Permalink
ReplyDecember 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Adil Baig | On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:
> +1 Same error. This part may help :
>
> This server could not prove that it is *www.dlang.org
> <http://www.dlang.org>*; its security certificate is from*dlang.org
> <http://dlang.org>*
> *
> *
> You will need a wild-card certificate (cheaper) or a certificate that
> allows multiple domain names (more expensive, and probably not required)
> for the cert to work.
>
Or redirect www.dlang.org to dlang.org
-Steve
| |||
December 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Steven Schveighoffer | On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote: > On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote: >> +1 Same error. This part may help : >> >> This server could not prove that it is *www.dlang.org >> <http://www.dlang.org>*; its security certificate is from*dlang.org >> <http://dlang.org>* >> * >> * >> You will need a wild-card certificate (cheaper) or a certificate that >> allows multiple domain names (more expensive, and probably not required) >> for the cert to work. >> > > Or redirect www.dlang.org to dlang.org > > -Steve That won't help if someone already starts at https://www.dlang.org/ . | |||
December 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Adil Baig | On Sunday, 6 December 2015 at 08:29:07 UTC, Adil Baig wrote:
> +1 Same error. This part may help :
>
> This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>*
>
> You will need a wild-card certificate (cheaper) or a certificate that
> allows multiple domain names (more expensive, and probably not required)
> for the cert to work.
>
> Adil
StartSSL allows for one subdomain on their free plan (which is generally the www subdomain). Letsencrypt allows for I think 5 atm as well.
| |||
December 07, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to mattcoder | On Sunday, 6 December 2015 at 05:12:29 UTC, mattcoder wrote:
> On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
>> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
>
> This is what I get when I try: https://www.dlang.org/
>
> "Your connection is not private
>
> Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID"
>
> Matheus.
This is what I get on firefox;
This Connection is Untrusted
You have asked Firefox to connect securely to www.dlang.org, but we can't confirm that your connection is secure.
[snip]...
Technical Details
www.dlang.org uses an invalid security certificate. The certificate is only valid for dlang.org (Error code: ssl_error_bad_cert_domain)
bye,
lobo
| |||
December 07, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Marc Schütz | On 12/6/15 11:32 AM, Marc Schütz wrote:
> On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote:
>> On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:
>>> +1 Same error. This part may help :
>>>
>>> This server could not prove that it is *www.dlang.org
>>> <http://www.dlang.org>*; its security certificate is from*dlang.org
>>> <http://dlang.org>*
>>> *
>>> *
>>> You will need a wild-card certificate (cheaper) or a certificate that
>>> allows multiple domain names (more expensive, and probably not required)
>>> for the cert to work.
>>>
>>
>> Or redirect www.dlang.org to dlang.org
>
> That won't help if someone already starts at https://www.dlang.org/ .
I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted.
-Steve
| |||
December 07, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Steven Schveighoffer | On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote:
> On 12/6/15 11:32 AM, Marc Schütz wrote:
>> On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote:
>>> On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:
>>>> +1 Same error. This part may help :
>>>>
>>>> This server could not prove that it is *www.dlang.org
>>>> <http://www.dlang.org>*; its security certificate is from*dlang.org
>>>> <http://dlang.org>*
>>>> *
>>>> *
>>>> You will need a wild-card certificate (cheaper) or a certificate that
>>>> allows multiple domain names (more expensive, and probably not required)
>>>> for the cert to work.
>>>>
>>>
>>> Or redirect www.dlang.org to dlang.org
>>
>> That won't help if someone already starts at https://www.dlang.org/ .
>
> I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted.
>
> -Steve
It does. Otherwise you could bypass HTTPS entirely by replacing the redirect page with a non-encrypted copy of the dlang website with whatever modifications you like.
| |||
December 07, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Kapps | On Mon, 07 Dec 2015 14:48:52 +0000, Kapps wrote:
> On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote:
>> I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted.
>>
>> -Steve
>
> It does. Otherwise you could bypass HTTPS entirely by replacing the redirect page with a non-encrypted copy of the dlang website with whatever modifications you like.
Well, only if you're trying to protect against MITM attacks. If you're only worried about people packet sniffing, you can redirect from an unencrypted page without a care.
In a situation like this, where approximately no sensitive information is going back and forth, MITM isn't much of a concern (and packet sniffing isn't, either, for the most part, except if you're logging in with a password you reuse elsewhere).
| |||
December 08, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Walter Bright | Now also certified (Let's Encrypt made this really straight forward): https://code.dlang.org/ https://forum.rejectedsoftware.com/ https://vibed.org/ All pass with an A for the ssllabs.com test. I'll also setup default HTTP->HTTPS redirects. | |||
December 11, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Walter Bright | On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote: > Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts. https://www.youtube.com/watch?v=OqkYr5uIreg&feature=youtu.be&t=49s | |||
Copyright © 1999-2021 by the D Language Foundation