digitalmars.D.announce - https everywhere update - dlang.org gets an "A" now!
- Walter Bright (3/13) Dec 02 2015 https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on
- Brad Anderson (10/12) Dec 03 2015 Nice work by Jan. I know how big of a hassle things like this can
- Brad Roberts via Digitalmars-d-announce (5/15) Dec 03 2015 I'm glad that letsencrypt is out there doing the publicity, but getting ...
- David Nadlinger (8/13) Dec 03 2015 The free StartSSL thing was also nigh-unusable – when I gave it a
- Brad Roberts via Digitalmars-d-announce (3/16) Dec 03 2015 Interesting.. I've never had any problems, though I've never needed to
- Jacob Carlborg (4/6) Dec 03 2015 You can expect a bill for "Wasting Time" in the mail anytime soon now :)
- David Nadlinger (5/7) Dec 03 2015 Thanks!
- Saurabh Das (5/29) Dec 04 2015 This is great.
- deadalnix (1/1) Dec 05 2015 Forum widgets are broken on the home page.
- mattcoder (8/9) Dec 05 2015 This is what I get when I try: https://www.dlang.org/
- Adil Baig via Digitalmars-d-announce (10/19) Dec 06 2015 +1 Same error. This part may help :
- Steven Schveighoffer (3/12) Dec 06 2015 Or redirect www.dlang.org to dlang.org
- Marc =?UTF-8?B?U2Now7x0eg==?= (4/21) Dec 06 2015 That won't help if someone already starts at
- Steven Schveighoffer (4/20) Dec 07 2015 I'm surprised it wouldn't. I wouldn't think a redirect would need to be
- Kapps (5/32) Dec 07 2015 It does. Otherwise you could bypass HTTPS entirely by replacing
- Chris Wright (8/17) Dec 07 2015 Well, only if you're trying to protect against MITM attacks. If you're
- Kapps (4/14) Dec 06 2015 StartSSL allows for one subdomain on their free plan (which is
- lobo (12/21) Dec 06 2015 This is what I get on firefox;
- =?UTF-8?Q?S=c3=b6nke_Ludwig?= (6/6) Dec 08 2015 Now also certified (Let's Encrypt made this really straight forward):
- Basile B. (3/4) Dec 11 2015 https://www.youtube.com/watch?v=OqkYr5uIreg&feature=youtu.be&t=49s
On 11/24/2015 10:59 AM, David Nadlinger wrote:On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.I'm pleased to announce that Jan Knepper has gotten us some proper certificates now, and dlang.org and digitalmars.com are now fully https!There are a number of issues with how SSL is set up on the server, from misconfiguration and/or outdated software: https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although it uses a SHA-1 intermediary certificate, which will lead to issues soon): https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on — David
Dec 02 2015
On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.Nice work by Jan. I know how big of a hassle things like this can be so taking the time to actually do it is much appreciated. On a related note, Let's Encrypt hit public beta today[1]. With that I think we should be able to get all of the official infrastructure on TLS now. It's unfortunate it didn't come a bit sooner because now the NSA knows I read the entire DUB JSON thread, much to my shame. 1. https://letsencrypt.org/2015/12/03/entering-public-beta.html
Dec 03 2015
On 12/3/15 5:38 PM, Brad Anderson via Digitalmars-d-announce wrote:On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:I'm glad that letsencrypt is out there doing the publicity, but getting and using ssl certs has been free via startssl for several years now. What this new group is doing is the PR and marketing to get people to do it, of course under their own umbrella rather than another company's. - Bradhttps://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.Nice work by Jan. I know how big of a hassle things like this can be so taking the time to actually do it is much appreciated. On a related note, Let's Encrypt hit public beta today[1]. With that I think we should be able to get all of the official infrastructure on TLS now. It's unfortunate it didn't come a bit sooner because now the NSA knows I read the entire DUB JSON thread, much to my shame. 1. https://letsencrypt.org/2015/12/03/entering-public-beta.html
Dec 03 2015
On Friday, 4 December 2015 at 02:29:52 UTC, Brad Roberts wrote:I'm glad that letsencrypt is out there doing the publicity, but getting and using ssl certs has been free via startssl for several years now. What this new group is doing is the PR and marketing to get people to do it, of course under their own umbrella rather than another company's.The free StartSSL thing was also nigh-unusable – when I gave it a try, their in-browser CSR gen thing broke on whatever recent version of Firefox I was using, which left me with no cert, but them claiming I had exhausted their offer. They also have this weird thing where they offer "one host name plus domain" only, and charge users for revoking their cert (!). — David
Dec 03 2015
On 12/3/2015 6:55 PM, David Nadlinger via Digitalmars-d-announce wrote:On Friday, 4 December 2015 at 02:29:52 UTC, Brad Roberts wrote:Interesting.. I've never had any problems, though I've never needed to revoke a cert.I'm glad that letsencrypt is out there doing the publicity, but getting and using ssl certs has been free via startssl for several years now. What this new group is doing is the PR and marketing to get people to do it, of course under their own umbrella rather than another company's.The free StartSSL thing was also nigh-unusable – when I gave it a try, their in-browser CSR gen thing broke on whatever recent version of Firefox I was using, which left me with no cert, but them claiming I had exhausted their offer. They also have this weird thing where they offer "one host name plus domain" only, and charge users for revoking their cert (!). — David
Dec 03 2015
On 2015-12-04 02:38, Brad Anderson wrote:It's unfortunate it didn't come a bit sooner because now the NSA knows I read the entire DUB JSON thread, much to my shame.You can expect a bill for "Wasting Time" in the mail anytime soon now :) -- /Jacob Carlborg
Dec 03 2015
On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.Thanks! Also displays as https in Chrome now. — David
Dec 03 2015
On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:On 11/24/2015 10:59 AM, David Nadlinger wrote:This is great. Can the certificate also be used for forum.dlang.org? I get a warning when I visit https://forum.dlang.orgOn Monday, 23 November 2015 at 20:55:32 UTC, Walter Brightwrote:proper[...]fully https![...]There are a number of issues with how SSL is set up on theserver, frommisconfiguration and/or outdated software:https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=onCompare this e.g. to issues.dlang.org, which achieves a solidA grade (althoughit uses a SHA-1 intermediary certificate, which will lead toissues soon):https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on— Davidhttps://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.
Dec 04 2015
On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.This is what I get when I try: https://www.dlang.org/ "Your connection is not private Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID" Matheus.
Dec 05 2015
+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work. Adil On Sun, Dec 6, 2015 at 10:42 AM, mattcoder via Digitalmars-d-announce < digitalmars-d-announce puremagic.com> wrote:On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.This is what I get when I try: https://www.dlang.org/ "Your connection is not private Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID" Matheus.
Dec 06 2015
On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* * * You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work.Or redirect www.dlang.org to dlang.org -Steve
Dec 06 2015
On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote:On 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:That won't help if someone already starts at https://www.dlang.org/ .+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* * * You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work.Or redirect www.dlang.org to dlang.org -Steve
Dec 06 2015
On 12/6/15 11:32 AM, Marc Schütz wrote:On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote:I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted. -SteveOn 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:That won't help if someone already starts at https://www.dlang.org/ .+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* * * You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work.Or redirect www.dlang.org to dlang.org
Dec 07 2015
On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote:On 12/6/15 11:32 AM, Marc Schütz wrote:It does. Otherwise you could bypass HTTPS entirely by replacing the redirect page with a non-encrypted copy of the dlang website with whatever modifications you like.On Sunday, 6 December 2015 at 14:17:18 UTC, Steven Schveighoffer wrote:I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted. -SteveOn 12/6/15 3:29 AM, Adil Baig via Digitalmars-d-announce wrote:That won't help if someone already starts at https://www.dlang.org/ .+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* * * You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work.Or redirect www.dlang.org to dlang.org
Dec 07 2015
On Mon, 07 Dec 2015 14:48:52 +0000, Kapps wrote:On Monday, 7 December 2015 at 14:38:39 UTC, Steven Schveighoffer wrote:Well, only if you're trying to protect against MITM attacks. If you're only worried about people packet sniffing, you can redirect from an unencrypted page without a care. In a situation like this, where approximately no sensitive information is going back and forth, MITM isn't much of a concern (and packet sniffing isn't, either, for the most part, except if you're logging in with a password you reuse elsewhere).I'm surprised it wouldn't. I wouldn't think a redirect would need to be encrypted. -SteveIt does. Otherwise you could bypass HTTPS entirely by replacing the redirect page with a non-encrypted copy of the dlang website with whatever modifications you like.
Dec 07 2015
On Sunday, 6 December 2015 at 08:29:07 UTC, Adil Baig wrote:+1 Same error. This part may help : This server could not prove that it is *www.dlang.org <http://www.dlang.org>*; its security certificate is from*dlang.org <http://dlang.org>* You will need a wild-card certificate (cheaper) or a certificate that allows multiple domain names (more expensive, and probably not required) for the cert to work. AdilStartSSL allows for one subdomain on their free plan (which is generally the www subdomain). Letsencrypt allows for I think 5 atm as well.
Dec 06 2015
On Sunday, 6 December 2015 at 05:12:29 UTC, mattcoder wrote:On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:This is what I get on firefox; This Connection is Untrusted You have asked Firefox to connect securely to www.dlang.org, but we can't confirm that your connection is secure. [snip]... Technical Details www.dlang.org uses an invalid security certificate. The certificate is only valid for dlang.org (Error code: ssl_error_bad_cert_domain) bye, loboDlang.org gets an "A" now! Thanks to Jan Knepper's efforts.This is what I get when I try: https://www.dlang.org/ "Your connection is not private Attackers might be trying to steal your information from www.dlang.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID" Matheus.
Dec 06 2015
Now also certified (Let's Encrypt made this really straight forward): https://code.dlang.org/ https://forum.rejectedsoftware.com/ https://vibed.org/ All pass with an A for the ssllabs.com test. I'll also setup default HTTP->HTTPS redirects.
Dec 08 2015
On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.https://www.youtube.com/watch?v=OqkYr5uIreg&feature=youtu.be&t=49s
Dec 11 2015
On Friday, 11 December 2015 at 21:22:06 UTC, Basile B. wrote:On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:we're safe...Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.https://www.youtube.com/watch?v=OqkYr5uIreg&feature=youtu.be&t=49s
Dec 11 2015
On Friday, 11 December 2015 at 21:24:07 UTC, Basile B. wrote:On Friday, 11 December 2015 at 21:22:06 UTC, Basile B. wrote:I hope you get the irony...On Wednesday, 2 December 2015 at 22:17:20 UTC, Walter Bright wrote:we're safe...Dlang.org gets an "A" now! Thanks to Jan Knepper's efforts.https://www.youtube.com/watch?v=OqkYr5uIreg&feature=youtu.be&t=49s
Dec 11 2015