Ketarin forum

SSL now enabled


crrodriguez


Hi:

 

Sysadmin here :) We have enabled SSL in the website, and it is mandatory for the forum but optional in the main site.

 

This is intended to make the experience more secure, especially for forum users' passwords.

 

Use this post to report any problem you have with SSL access.

 

Cheers :D


Note that if you click "main site" in the forum menu, you will get the front website over SSL. This is expected but not really intended, as a side effect of the rolling out of http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security ;-)

 

The trick is done by your browser: once you enter the forum, a header is set telling your client "use SSL only for this domain". It shouldn't harm, so I'll leave it as is. :-D


I fixed my bookmark for the forum too. Now it correctly links to this forum. Before it had the cannaverbe in the domain name. Now it's just https://ketarin.org/forum/

 

Main site appears over SSL for me too at any time, no matter if I open it directly or through the forum.

Only the Wiki is not in SSL yet: http://wiki.ketarin.org/index.php/Ketarin_Wiki

Edited by Tomorrow

 

Main site appears over SSL for me too at any time, no matter if I open it directly or through the forum.

 

 

That is expected: proper browsers "remember" that the domain "ketarin.org" (not subdomains) is to be accessed over SSL, but only if you have visited a part of the site that demands SSL (like the forum), currently for 6 months (unless you delete your browser cache).

 

This is because your browser may send cookies over plain HTTP and break all application-side safeguards. :-) However, cookies of this forum are currently being marked as "secure", hence no well-behaving browser will send them in a plain text connection.

 

Only the Wiki is not in SSL yet: http://wiki.ketarin.org/index.php/Ketarin_Wiki

 

Only the main domain is available over SSL for now, the wiki is not, but may be in the future.


Finally, no Internet Explorer version supports HTTP Strict Transport Security, only Chrome and Firefox, so IE users won't benefit from it; the relevant HTTP header is ignored and does nothing :-(

 

I hope someday MS fixes their stuff to behave sanely; experience tells me it is not going to happen :-P


HSTS is still a draft. Not that it's not an important step forward, it's just not a standard. All the same, you can force SSL with any client using:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


HSTS is still a draft. Not that it's not an important step forward, it's just not a standard. All the same, you can force SSL with any client using:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

 

That's exactly the way it is implemented already ;)
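
Added example, not code from this forum or its administrators: a Python model of the browser-side behaviour discussed in this thread, namely which hosts a remembered HSTS policy upgrades to HTTPS (the domain itself but not subdomains unless includeSubDomains is set) and which cookies lack the Secure flag. The header value, the cookie names and the function names are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample values (assumptions, not captured from ketarin.org).
HSTS = "max-age=15768000"  # about six months, no includeSubDomains
COOKIES = ["session_id=abc123; Path=/forum/; Secure; HttpOnly",
           "theme=dark; Path=/"]

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

def browser_upgrades(scheme, hsts_value, policy_host, target_host):
    """Would a browser that saw this header rewrite http://target_host to https?"""
    if scheme != "https" or not hsts_value:
        return False  # the header is ignored when it arrives over plain HTTP
    max_age, include_sub = parse_hsts(hsts_value)
    if max_age == 0:
        return False  # max-age=0 tells the browser to forget the policy
    if target_host == policy_host:
        return True
    # Subdomains are covered only when includeSubDomains is present.
    return include_sub and target_host.endswith("." + policy_host)

def cookies_without_secure(set_cookie_values):
    """Names of cookies a browser would also send over plain HTTP."""
    names = []
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)
        names += [name for name, morsel in jar.items() if not morsel["secure"]]
    return names

if __name__ == "__main__":
    for host in ("ketarin.org", "wiki.ketarin.org"):
        print(host, browser_upgrades("https", HSTS, "ketarin.org", host))
    print("also sent over HTTP:", cookies_without_secure(COOKIES))
```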
