December 02, 2015 https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
On 11/24/2015 10:59 AM, David Nadlinger wrote:
> On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
>> I'm pleased to announce that Jan Knepper has gotten us some proper
>> certificates now, and dlang.org and digitalmars.com are now fully https!
>
> There are a number of issues with how SSL is set up on the server, from
> misconfiguration and/or outdated software:
> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>
> Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although
> it uses a SHA-1 intermediary certificate, which will lead to issues soon):
> https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on
>
> — David
https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on

Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
|
December 04, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>
> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
Nice work by Jan. I know how big of a hassle things like this can be so taking the time to actually do it is much appreciated.

On a related note, Let's Encrypt hit public beta today[1]. With that I think we should be able to get all of the official infrastructure on TLS now. It's unfortunate it didn't come a bit sooner because now the NSA knows I read the entire DUB JSON thread, much to my shame.

1. https://letsencrypt.org/2015/12/03/entering-public-beta.html
|
December 04, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>
> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
Thanks!
Also displays as https in Chrome now.
— David
|
December 03, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Anderson | On 12/3/15 5:38 PM, Brad Anderson via Digitalmars-d-announce wrote:
> On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
>> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>>
>> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
>
> Nice work by Jan. I know how big of a hassle things like this can be so taking the time to actually
> do it is much appreciated.
>
> On a related note, Let's Encrypt hit public beta today[1]. With that I think we should be able to
> get all of the official infrastructure on TLS now. It's unfortunate it didn't come a bit sooner
> because now the NSA knows I read the entire DUB JSON thread, much to my shame.
>
> 1. https://letsencrypt.org/2015/12/03/entering-public-beta.html
I'm glad that letsencrypt is out there doing the publicity, but getting and using ssl certs has been free via startssl for several years now. What this new group is doing is the PR and marketing to get people to do it, of course under their own umbrella rather than another company's.
- Brad
|
December 04, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Roberts | On Friday, 4 December 2015 at 02:29:52 UTC, Brad Roberts wrote:
> I'm glad that letsencrypt is out there doing the publicity, but getting and using ssl certs has been free via startssl for several years now. What this new group is doing is the PR and marketing to get people to do it, of course under their own umbrella rather than another company's.
The free StartSSL thing was also nigh-unusable – when I gave it a try, their in-browser CSR gen thing broke on whatever recent version of Firefox I was using, which left me with no cert, but them claiming I had exhausted their offer. They also have this weird thing where they offer "one host name plus domain" only, and charge users for revoking their cert (!).
— David
|
December 03, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to David Nadlinger | On 12/3/2015 6:55 PM, David Nadlinger via Digitalmars-d-announce wrote:
> On Friday, 4 December 2015 at 02:29:52 UTC, Brad Roberts wrote:
>> I'm glad that letsencrypt is out there doing the publicity, but
>> getting and using ssl certs has been free via startssl for several
>> years now. What this new group is doing is the PR and marketing to
>> get people to do it, of course under their own umbrella rather than
>> another company's.
>
> The free StartSSL thing was also nigh-unusable – when I gave it a try,
> their in-browser CSR gen thing broke on whatever recent version of
> Firefox I was using, which left me with no cert, but them claiming I had
> exhausted their offer. They also have this weird thing where they offer
> "one host name plus domain" only, and charge users for revoking their
> cert (!).
>
> — David
Interesting.. I've never had any problems, though I've never needed to revoke a cert.
|
December 04, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Anderson | On 2015-12-04 02:38, Brad Anderson wrote:
> It's unfortunate it didn't come a bit sooner because now the NSA
> knows I read the entire DUB JSON thread, much to my shame.
You can expect a bill for "Wasting Time" in the mail anytime soon now :)
--
/Jacob Carlborg
|
December 04, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
> On 11/24/2015 10:59 AM, David Nadlinger wrote:
> > On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
> >> [...] proper
> >> [...] fully https!
> >
> > There are a number of issues with how SSL is set up on the server, from
> > misconfiguration and/or outdated software:
> > https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
> >
> > Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although
> > it uses a SHA-1 intermediary certificate, which will lead to issues soon):
> > https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on
> >
> > — David
>
> https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
>
> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
This is great. Can the certificate also be used for forum.dlang.org? I get a warning when I visit https://forum.dlang.org
|
December 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | Forum widgets are broken on the home page. |
December 06, 2015 Re: https everywhere update - dlang.org gets an "A" now! | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:
> Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
This is what I get when I try: https://www.dlang.org/
"Your connection is not private
Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID"
Matheus.
|