I had a reminder in my calendar to do it tonight, and thanks to your suggestions, I have a ‘real’ SSL certificate installed. If you want to browse the Digest using https, go for it.
A running description of activity related to DragonFly BSD.
A running description of activity related to DragonFly BSD.
I had a reminder in my calendar to do it tonight, and thanks to your suggestions, I have a ‘real’ SSL certificate installed. If you want to browse the Digest using https, go for it.
No redirect by default? Then Strict Transport Security would also make sense. :)
Also it looks like the comment form doesn’t use HTTPS yet. At least I get a warning about this.
I turned https on by-default just now, now that I know I didn’t scramble something. Tell me if you get any non-https errors/warnings at this point.
Testing if form submission still generates a warning…
Looks fine now. Thanks for https, the more stuff encrypted on the web, the better :)
Hm… https://shaaaaaaaaaaaaa.com/check/dragonflybsddigest.com
Please make it ‘default’ in the sense that update links and use a redirect. Thanks for providing TLS!
Sorry for dumb question, but why i need TLS for read this blog? Where is profit (if i’m not criminal)?
Igor – you don’t need TLS to read it – but it’s not a bad idea to have encryption available rather than not available.
Zoey4ever – I wasn’t aware of that. I’ll redo the certificate dance again soon. (ugh)
Edward – what do you mean?
Ah, Zoey4ever – I did do 2048-bit – dragonflyBSDdigest is a redirect from the place where I registered it, and the SHAAAAAA place is probably noticing their certificate being 1024-bit. Or something, but dragonflydigest.com is fine.
https://www.ssllabs.com/ssltest/analyze.html?d=dragonflydigest.com
Hmm.
There’s some oddness going on with your SSL cert. OpenSSL on FreeBSD 10.0-RELEASE is getting upset. It’s the only site I’m seeing this issue with.
I noticed because my RSS reader stopped being able to poll your feed: In python:
[code]
>>> import urllib2
>>> rss = urllib2.urlopen(‘https://www.dragonflydigest.com/feed/’)
Traceback (most recent call last):
File “”, line 1, in
File “/usr/local/lib/python2.7/urllib2.py”, line 127, in urlopen
return _opener.open(url, data, timeout)
File “/usr/local/lib/python2.7/urllib2.py”, line 404, in open
response = self._open(req, data)
File “/usr/local/lib/python2.7/urllib2.py”, line 422, in _open
‘_open’, req)
File “/usr/local/lib/python2.7/urllib2.py”, line 382, in _call_chain
result = func(*args)
File “/usr/local/lib/python2.7/urllib2.py”, line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File “/usr/local/lib/python2.7/urllib2.py”, line 1184, in do_open
raise URLError(err)
urllib2.URLError:
[/code]
And the openssl client barfs, too:
[code]
$ openssl s_client -connect http://www.dragonflydigest.com:443
CONNECTED(00000003)
34379126440:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:177:
—
no peer certificate available
—
No client certificate CA names sent
—
SSL handshake has read 0 bytes and written 309 bytes
—
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
—
[/code]
Hope this is something easy for you to fix.
sjh