November 24, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to duff | On Tuesday, 24 November 2015 at 19:13:22 UTC, duff wrote:
> You're part of the bikscheder team.
What is this even supposed to mean?
— David
|
November 24, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to David Nadlinger | On 11/24/2015 10:59 AM, David Nadlinger wrote:
> There are a number of issues with how SSL is set up on the server, from
> misconfiguration and/or outdated software:
> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>
> Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although
> it uses a SHA-1 intermediary certificate, which will lead to issues soon):
> https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on
Thanks, I forwarded this to Jan.
|
November 25, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to duff | On Tuesday, 24 November 2015 at 19:13:22 UTC, duff wrote:
> On Tuesday, 24 November 2015 at 18:59:39 UTC, David Nadlinger wrote:
>> Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although it uses a SHA-1 intermediary certificate, which will lead to issues soon): https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on
>>
>> — David
>
> You're part of the bikscheder team.
He is part of the doers. You may want to consider joining that team, but be warned, it require actual work.
|
November 25, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote: > I'm pleased to announce that Jan Knepper has gotten us some proper certificates now, and dlang.org and digitalmars.com are now fully https! Trying to access https://forum.dlang.org/ I get a "This Connection Is Untrusted" page from Firefox, which notes: ---------------- forum.dlang.org uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for * (Error code: sec_error_unknown_issuer) ---------------- It's a good thing that I know and love this place, because usually when I see that kind of error on a website, I take it as a sign to steer clear ;-) |
November 28, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote: > I'm pleased to announce that Jan Knepper has gotten us some proper certificates now, and dlang.org and digitalmars.com are now fully https! Glad to hear that as it's a requirement to host installer scipts and our gpg keyring with some trust. https://github.com/D-Programming-Language/installer/pull/162 Guess we'll quickly fix the few non-shema relative urls. |
November 28, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Vladimir Panteleev | On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir Panteleev wrote: > Sorry, I'm not going to pay for my own SSL certificate :) You'll either have to share, or wait until Let's Encrypt goes live and I get around to setting it up. You could either get a free startssl certificate https://gist.github.com/mgedmin/7124635 or we try to reverse proxy through dlang.org/forum or so. |
November 28, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Martin Nowak | On Saturday, 28 November 2015 at 04:17:19 UTC, Martin Nowak wrote:
> On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir Panteleev wrote:
>> Sorry, I'm not going to pay for my own SSL certificate :) You'll either have to share, or wait until Let's Encrypt goes live and I get around to setting it up.
>
> You could either get a free startssl certificate https://gist.github.com/mgedmin/7124635 or we try to reverse proxy through dlang.org/forum or so.
Could I send a CSR? Would that make sense?
|
November 30, 2015 Re: https everywhere! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Martin Nowak | On Saturday, 28 November 2015 at 04:17:19 UTC, Martin Nowak wrote: > On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir Panteleev wrote: >> Sorry, I'm not going to pay for my own SSL certificate :) You'll either have to share, or wait until Let's Encrypt goes live and I get around to setting it up. > > You could either get a free startssl certificate https://gist.github.com/mgedmin/7124635 or we try to reverse proxy through dlang.org/forum or so. Letsencrypt goes into open beta in a few days (https://letsencrypt.org/2015/11/12/public-beta-timing.html). Could use that since it's free, allows subdomains (unlike StartSSL), easy setup, and people theoretically aren't doing anything on the site / forums where a theoretical early vulnerability is a huge concern. |
Copyright © 1999-2021 by the D Language Foundation