Author Topic: SSL/TLS Time to update your HTTP server.  (Read 1365 times)

0 Members and 1 Guest are viewing this topic.

Offline lmester

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
    • My page
SSL/TLS Time to update your HTTP server.
« on: March 25, 2018, 01:16:02 am »

Every web site will eventually need to switch to HTTPS.

Chrome is going to start flagging HTTP sites as "not secure" in July. Firefox currently gives a "This connection is not secure" warning for logins on HTTP sites.

I recently switched my home server over to HTTPS. For my home server I couldn't justify paying for a SSL/TLS certificate. Luckily you can now get a certificate for free! Check out https://letsencrypt.org/

If you're running a home web server there's now no reason not to upgrade to HTTPS. The certificate is free.

I wonder when EEVBlog will switch?
 

Offline Monkeh

  • Super Contributor
  • ***
  • Posts: 6499
  • Country: gb
Re: SSL/TLS Time to update your HTTP server.
« Reply #1 on: March 25, 2018, 01:16:56 am »
Welcome to ancient history, EEVBlog already supports HTTPS.
 

Offline lmester

  • Regular Contributor
  • *
  • Posts: 125
  • Country: us
    • My page
Re: SSL/TLS Time to update your HTTP server.
« Reply #2 on: March 25, 2018, 01:44:20 am »
Welcome to ancient history, EEVBlog already supports HTTPS.

Thanks, Looks like EEVBlog chose not to use a 301 redirect to their HTTPS. They may want to add a 301 to fix it for people like me that bookmarked the site years ago. I just updated my EEVBlog bookmark.
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 6848
Re: SSL/TLS Time to update your HTTP server.
« Reply #3 on: March 25, 2018, 03:21:29 am »
It's only "free" in the sense that you've now given a third-party more control over whether your site is accessible. If they revoke your certificate for whatever reason, your visitors will suddenly start getting warnings.

There's nothing secret here. Stay insecure, stay free.
 
The following users thanked this post: Andy Watson, Zucca, nugglix

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 8798
Re: SSL/TLS Time to update your HTTP server.
« Reply #4 on: March 25, 2018, 04:06:07 am »
Welcome to ancient history, EEVBlog already supports HTTPS.

Thanks, Looks like EEVBlog chose not to use a 301 redirect to their HTTPS. They may want to add a 301 to fix it for people like me that bookmarked the site years ago. I just updated my EEVBlog bookmark.

That would remove user choice.   Not everyone has the latest/greatest browsers running on current ix86 or ARM hardware, and forcing HTTPS *WILL* lock out users on legacy hardware that are incaplable of upgrading the OS to permit upgrading to a modern browser.

This has been extensively :horse: discussed last year:
https://www.eevblog.com/forum/news/server-ssl-upgrade/
https://www.eevblog.com/forum/chat/when-will-eevblog-use-https-by-default/
https://www.eevblog.com/forum/chat/the-site-is-still-not-completely-tls-exclusive/
and Gnif put a lot of work into making it work as seamlessly as possible for *ALL* users.  Don't expect changes just because you are too lazy to update your stale bookmarks.   

 
The following users thanked this post: amyk, gnif, nugglix

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9512
  • Country: 00
  • Display aficionado
Re: SSL/TLS Time to update your HTTP server.
« Reply #5 on: March 25, 2018, 06:57:47 am »
It's only "free" in the sense that you've now given a third-party more control over whether your site is accessible. If they revoke your certificate for whatever reason, your visitors will suddenly start getting warnings.

There's nothing secret here. Stay insecure, stay free.
You could argue that's offset by people being unable to inject, monitor or tamper with your site's data along the way.
 

Offline T3sl4co1l

  • Super Contributor
  • ***
  • Posts: 15442
  • Country: us
  • Expert, Analog Electronics, PCB Layout, EMC
    • Seven Transistor Labs
Re: SSL/TLS Time to update your HTTP server.
« Reply #6 on: March 25, 2018, 09:53:14 pm »
I've been running LE for something over a year now, I think.  They recently rolled out wildcard domain certs!  If you run a lot of domains, give it a look. :)

Tim
Seven Transistor Labs, LLC
Electronic design, from concept to prototype.
Bringing a project to life?  Send me a message!
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1162
  • Country: au
Re: SSL/TLS Time to update your HTTP server.
« Reply #7 on: March 25, 2018, 10:24:24 pm »
Yeah, the server already uses LetsEncrypt certs, and the forum has a special module I wrote that corrects all links and forms based on if you view via HTTP or HTTPS to retain backwards compatibility. Just update your bookmarks if you want to use SSL.
HostFission - Full Server Monitoring and Management Solutions.
https://hostfission.com/
https://twitter.com/HostFission

Note: I am NOT a moderator or arbiter of disputes, my Admin level of access is so that I can perform management of the server on behalf of Dave. Do not contact me over such issues
 

Offline bson

  • Supporter
  • ****
  • Posts: 1677
  • Country: us
Re: SSL/TLS Time to update your HTTP server.
« Reply #8 on: March 25, 2018, 10:35:21 pm »
Yeah, the server already uses LetsEncrypt certs, and the forum has a special module I wrote that corrects all links and forms based on if you view via HTTP or HTTPS to retain backwards compatibility. Just update your bookmarks if you want to use SSL.
I know someone who shut down their site because it wasn't realistic to do exactly this - and the dumbtarded software it ran inserted absolute links to itself all over the place.  Not upgradable, not fixable.  It had some 7000 articles and stories, being dependent on search results to drive traffic, and without that it was demonetized and shutting it down was the only realistic option.  (Actually, the assets were sold to a competitor, who bought it to shut it down, but decided to leave the material around as a reference, as its own property. :))  The people who built that system weren't technical, and the site designer they hired had no idea about such technicalities.  (It also had a million other stupid software issues, like occasionally running extremely complex cross-table queries against mysql, that couldn't be optimized; when this happened the whole site would stop and hang for a few seconds.)  They couldn't really blame anyone for this, just all unfortunate, and not something the ideologues at google would think twice about killing off.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1442
  • Country: us
Re: SSL/TLS Time to update your HTTP server.
« Reply #9 on: March 25, 2018, 11:41:46 pm »
Yeah, the server already uses LetsEncrypt certs, and the forum has a special module I wrote that corrects all links and forms based on if you view via HTTP or HTTPS to retain backwards compatibility. Just update your bookmarks if you want to use SSL.
I know someone who shut down their site because it wasn't realistic to do exactly this - and the dumbtarded software it ran inserted absolute links to itself all over the place.  Not upgradable, not fixable.  It had some 7000 articles and stories, being dependent on search results to drive traffic, and without that it was demonetized and shutting it down was the only realistic option.  (Actually, the assets were sold to a competitor, who bought it to shut it down, but decided to leave the material around as a reference, as its own property. :))  The people who built that system weren't technical, and the site designer they hired had no idea about such technicalities.  (It also had a million other stupid software issues, like occasionally running extremely complex cross-table queries against mysql, that couldn't be optimized; when this happened the whole site would stop and hang for a few seconds.)  They couldn't really blame anyone for this, just all unfortunate, and not something the ideologues at google would think twice about killing off.
There's very little that isn't fixable in software/ops.

In this case, running a reverse proxy that rewrote the outgoing html as needed would be a reasonable solution to the part of the problem where google has any influence. It may not have been worth the time and effort to the original site owner, but that's a half to two day task for someone experienced in ops.

Alternately, use a CDN that allows insecure connections to the origin and have the CDN serve traffic to googlebot over SSL. Less time, more money.
 

Offline bitman

  • Supporter
  • ****
  • Posts: 250
  • Country: us
  • Open Source Guy jabbing with Electronics
Re: SSL/TLS Time to update your HTTP server.
« Reply #10 on: March 26, 2018, 02:49:37 am »
It's only "free" in the sense that you've now given a third-party more control over whether your site is accessible. If they revoke your certificate for whatever reason, your visitors will suddenly start getting warnings.
No more than the hosting provider has. So that's a non-issue. Unless you generate your own electricity, own the backbone lines of "the net" your access,  your data, can be restricted.

Quote
There's nothing secret here. Stay insecure, stay free.

SSL was not created to make things secret. It was made to ensure identity verification. So no man in the middle to harvest everyone's usernames/passwords etc. by simply impersonating a site which DNS for instance expires (another dependency on "others").

Bottom line - if you want to be found on google, avoid nasty alerts in browsers etc. you switch to proper TLS/SSL.
 

Offline xrunner

  • Super Contributor
  • ***
  • Posts: 4828
  • Country: us
  • hp>Agilent>Keysight>?
Re: SSL/TLS Time to update your HTTP server.
« Reply #11 on: March 26, 2018, 02:57:51 am »
Welcome to ancient history, EEVBlog already supports HTTPS.

Well ... I wasn't showing the lock but I changed the bookmark to https and there it was. Thanks!
I am a Test Equipment Addict (TEA) - by virtue of this forum signature, I have now faced my addiction
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf