Comments on: https, here

By: sjh

sjh — Mon, 29 Sep 2014 22:51:16 +0000

Hmm.

There’s some oddness going on with your SSL cert. OpenSSL on FreeBSD 10.0-RELEASE is getting upset. It’s the only site I’m seeing this issue with.

I noticed because my RSS reader stopped being able to poll your feed: In python:

[code]
>>> import urllib2
>>> rss = urllib2.urlopen(‘https://www.dragonflydigest.com/feed/’)
Traceback (most recent call last):
File “”, line 1, in
File “/usr/local/lib/python2.7/urllib2.py”, line 127, in urlopen
return _opener.open(url, data, timeout)
File “/usr/local/lib/python2.7/urllib2.py”, line 404, in open
response = self._open(req, data)
File “/usr/local/lib/python2.7/urllib2.py”, line 422, in _open
‘_open’, req)
File “/usr/local/lib/python2.7/urllib2.py”, line 382, in _call_chain
result = func(*args)
File “/usr/local/lib/python2.7/urllib2.py”, line 1222, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File “/usr/local/lib/python2.7/urllib2.py”, line 1184, in do_open
raise URLError(err)
urllib2.URLError:
[/code]

And the openssl client barfs, too:

[code]
$ openssl s_client -connect http://www.dragonflydigest.com:443
CONNECTED(00000003)
34379126440:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:177:
—
no peer certificate available
—
No client certificate CA names sent
—
SSL handshake has read 0 bytes and written 309 bytes
—
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
—
[/code]

Hope this is something easy for you to fix.

sjh

By: Justin Sherrill

Justin Sherrill — Sun, 28 Sep 2014 23:07:30 +0000

Ah, Zoey4ever – I did do 2048-bit – dragonflyBSDdigest is a redirect from the place where I registered it, and the SHAAAAAA place is probably noticing their certificate being 1024-bit. Or something, but dragonflydigest.com is fine.

https://www.ssllabs.com/ssltest/analyze.html?d=dragonflydigest.com

By: Justin Sherrill

Justin Sherrill — Sun, 28 Sep 2014 18:49:29 +0000

Igor – you don’t need TLS to read it – but it’s not a bad idea to have encryption available rather than not available.

Zoey4ever – I wasn’t aware of that. I’ll redo the certificate dance again soon. (ugh)

Edward – what do you mean?

By: Igor

Igor — Sun, 28 Sep 2014 13:45:35 +0000

Sorry for dumb question, but why i need TLS for read this blog? Where is profit (if i’m not criminal)?

By: Edward

Edward — Sun, 28 Sep 2014 06:24:53 +0000

Please make it ‘default’ in the sense that update links and use a redirect. Thanks for providing TLS!

By: Zoey4ever

Zoey4ever — Sun, 28 Sep 2014 00:44:16 +0000

Hm… https://shaaaaaaaaaaaaa.com/check/dragonflybsddigest.com

By: Anon

Anon — Sat, 27 Sep 2014 14:50:58 +0000

Looks fine now. Thanks for https, the more stuff encrypted on the web, the better :)

By: Anon

Anon — Sat, 27 Sep 2014 14:50:27 +0000

Testing if form submission still generates a warning…

By: Justin Sherrill

Justin Sherrill — Sat, 27 Sep 2014 14:27:44 +0000

I turned https on by-default just now, now that I know I didn’t scramble something. Tell me if you get any non-https errors/warnings at this point.

By: Christian

Christian — Sat, 27 Sep 2014 11:17:48 +0000

No redirect by default? Then Strict Transport Security would also make sense. :)

Also it looks like the comment form doesn’t use HTTPS yet. At least I get a warning about this.