This bbs now uses https exclusively

MkFly · 2010-08-13 01:03:26

I see the certificate has changed ... very nice. The Arch SSL went from 'F' to 'A' overnight on Qualys' SSL Labs Server Test:
https://www.ssllabs.com/ssldb/analyze.h … hlinux.org

sand_man · 2010-08-13 01:53:20

What was causing the low score previously?

anonymous_user · 2010-08-13 02:07:24

So will we have to download a new certificate for this? What about for non-Arch supplied browsers?

Pierre · 2010-08-13 06:01:04

No you don't need to do anything as the new cert is included in virtually all browsers and operating systems.

kbrosnan · 2010-08-18 13:29:49

sand_man wrote:

What was causing the low score previously?

Using an untrusted CA, https://www.ssllabs.com/ssldb/analyze.html?d=cacert.org

bobdob · 2010-08-18 15:39:47

After a combination of firefox 4.0b4 and adblock broke redirects, I noticed that the forum link on the home page points to http:// instead of https://.
Did this never get changed or is it supposed to be like that?

angvp · 2010-08-20 14:09:01

I think that there is a re-locator rule for conserving the old links (301)

adamlau · 2010-09-26 05:51:44

HTTPS bites! My mobile newsreader (FreeRange Reader) cannot load the HTTPS forums and bugtracker feeds .

cactus · 2010-09-27 23:34:12

adamlau wrote:

HTTPS bites! My mobile newsreader (FreeRange Reader) cannot load the HTTPS forums and bugtracker feeds .

You could probably use a yahoo pipes thing to convert the https feed to an http feed.

chris-kun · 2010-09-28 00:03:12

what's the point in using https exclusively?

itman · 2010-09-28 08:33:54

bobdob wrote:

After a combination of firefox 4.0b4 and adblock broke redirects, I noticed that the forum link on the home page points to http:// instead of https://.
Did this never get changed or is it supposed to be like that?

By homepage you're referring to http://home.archlinux.ca/? I've mailed to the author with the request to change it to https, but didn't get any answer.

mrunion · 2010-09-28 12:23:53

chris-kun wrote:

what's the point in using https exclusively?

Agreed. Seems like we could at least have a choice of whether we wanted https or http. I don't mind manually removing the 's' myself either.

karol · 2010-09-28 13:02:01

itman wrote:

bobdob wrote:
After a combination of firefox 4.0b4 and adblock broke redirects, I noticed that the forum link on the home page points to http:// instead of https://.
Did this never get changed or is it supposed to be like that?
By homepage you're referring to http://home.archlinux.ca/? I've mailed to the author with the request to change it to https, but didn't get any answer.

Homepage http://www.archlinux.org/

Ledti · 2010-10-27 06:29:52

http://codebutler.com/firesheep-a-day-later is relevant to this discussion.

Arch has good timing. t_t

litemotiv · 2010-10-27 07:27:01

Ledti wrote:

http://codebutler.com/firesheep-a-day-later is relevant to this discussion.
Arch has good timing. t_t

I was just thinking about that.

Kosmonavt · 2010-10-27 14:45:33

When talking about AUR, it's all right (nobody wants to compile unknown-whatever). But using it for forum IS ridiculous. Of course, session hijacking can occur, but what will be lost if some messages in a thread about latest screenshots would be corrupted. Looks like nothing.

Also, real alternative is not "SSL Everywhere", but using IPv6 globally, since it has built-in, enabled-by-default IPsec. THEN it will be nice and truly secured. Sadly, it isn't near future.

655321 · 2010-10-28 23:26:48

I enter everyday to the forums via blackberry browser, and every single time the browser asks me if I trust the certificate and accept, I have to do this everytime I enter a forums page, so annoying...other secure sites work perfectly, can you guys look into this?

Opera mini wont even let me log in to the forums, claims the password is wrong even though it isn't.

Bolt browser has the same problem than the native Blackberry browser.

hope you guys can help.

cheers

atordo · 2010-10-30 21:44:18

Xyne wrote:

Even if you are not concerned about privacy, there is still no reason to be against it.
* concrete example and a potential taste of things to come: direct insertion of data into your data stream for marketing purposes

Interesting and scary link you posted there. Even though I think my info in this site is mostly irrelevant, the important thing is that somebody cared enough to do something and actually did it. This is more than most of us do, so I welcome the change to https even if it carries some minor annoyances.

Arch Linux

#126 2010-08-13 01:03:26

Re: This bbs now uses https exclusively

#127 2010-08-13 01:53:20

Re: This bbs now uses https exclusively

#128 2010-08-13 02:07:24

Re: This bbs now uses https exclusively

#129 2010-08-13 06:01:04

Re: This bbs now uses https exclusively

#130 2010-08-18 13:29:49

Re: This bbs now uses https exclusively

#131 2010-08-18 15:39:47

Re: This bbs now uses https exclusively

#132 2010-08-20 14:09:01

Re: This bbs now uses https exclusively

#133 2010-09-26 05:51:44

Re: This bbs now uses https exclusively

#134 2010-09-27 23:34:12

Re: This bbs now uses https exclusively

#135 2010-09-28 00:03:12

Re: This bbs now uses https exclusively

#136 2010-09-28 08:33:54

Re: This bbs now uses https exclusively

#137 2010-09-28 12:23:53

Re: This bbs now uses https exclusively

#138 2010-09-28 13:02:01

Re: This bbs now uses https exclusively

#139 2010-10-27 06:29:52

Re: This bbs now uses https exclusively

#140 2010-10-27 07:27:01

Re: This bbs now uses https exclusively

#141 2010-10-27 14:45:33

Re: This bbs now uses https exclusively

#142 2010-10-28 23:26:48

Re: This bbs now uses https exclusively

#143 2010-10-30 21:44:18

Re: This bbs now uses https exclusively

Board footer