TLS on Unseen Servant?

Suggestions or feature requests for the dice roller, forums, or PbP games.
Message
Author
User avatar
spanningtree
Ranger Lord
Ranger Lord
Posts: 3472
Joined: Sun Jul 22, 2012 9:35 pm
Location: Las Vegas, NV

TLS on Unseen Servant?

#1 Post by spanningtree »

I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious. :D
Anall nathrack uthos bethos doss yell yenva. -Merlin

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#2 Post by Zhym »

Drat. You weren't supposed to notice me or my packet sniffer.

But that's a good point.

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#3 Post by ToniXX »

spanningtree wrote:I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious. :D
How can I tell what version is currently running on this or any server?
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#4 Post by Zhym »

Here's the message I get in Firefox when I try to connect with SSL:
An error occurred during a connection to http://www.unseenservant.us. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
It's been ages since I did any web admin, but it's probably either a web server configuration issue, a certificate issue, or both.

The default login page is unencrypted, so once the SSL login page is working it'd be great if the login page would redirect to HTTPS, too.

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#5 Post by Zhym »

Bumping this to mention that it would be great if the forums had a working SSL certificate / HTTPS login page.

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#6 Post by ToniXX »

This has come up a few times now so I'll look into it. IIRC it will add about $100 per year to the hosting costs.
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#7 Post by Zhym »

Is that the cost of the certificate, or the cost of your provider administering the certificate? Let's Encrypt is a free certificate authority, so getting the certificate itself shouldn't be costly. But I have no idea what your provider charges to put it on a server and keep it updated.

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#8 Post by Zhym »

Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#9 Post by ToniXX »

Zhym wrote:Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.
Yes, given that browsers and flagging sites now, I was planning on doing it at least for these forums. But, at the moment we're having problems with the dice roller so I'm dealing with that. UGH!
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#10 Post by Zhym »

Yeah. Obviously it's not the first priority at the moment. But, hey, while you've got your provider on the phone... ;)

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#11 Post by ToniXX »

SSL is now running on this server. Change the URL to https and it will work
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#12 Post by Zhym »

Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#13 Post by ToniXX »

Yah I'm trying to figure out how to do that
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#14 Post by ToniXX »

Zhym wrote:Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?
Ok, this should be working. Actually, all pages should be on https
"Sir, our research shows that the bird is equal to or greater than the word."

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#15 Post by Zhym »

It's working for me. Thanks!

User avatar
AleBelly
Rider of Rohan
Rider of Rohan
Posts: 8988
Joined: Wed May 28, 2014 4:46 am
Location: Research Triangle Park, NC

Re: TLS on Unseen Servant?

#16 Post by AleBelly »

Me too. Three cheers!

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#17 Post by Zhym »

Character sheets from the dice roller aren't showing up now. I suspect it might be because of the HTTPS change. The dice roller still shows up as insecure, so maybe my browsers, at least, are refusing to load remote HTTP content in an HTTPS connection?

Feel like re-doing everything you just did with the dice roller, too? ;)

User avatar
dmw71
POWAH!
POWAH!
Posts: 19544
Joined: Tue Jan 24, 2012 7:18 pm
Location: Chicago, Illinois
Contact:

Re: TLS on Unseen Servant?

#18 Post by dmw71 »

Zhym wrote:Feel like re-doing everything you just did with the dice roller, too? ;)
FYI, I'm not positive, but I'm pretty sure the forums and the die roller are on two completely different hosts.
-- Project --
Playtest: Untitled Project (1e)
-- DM --
Greyhawk Campaign: Sandbox (1e)
(Status: Archived)

User avatar
Zhym
Rider of Rohan
Rider of Rohan
Posts: 20556
Joined: Fri Jul 26, 2013 1:14 am

Re: TLS on Unseen Servant?

#19 Post by Zhym »

Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.

User avatar
ToniXX
Site Admin
Site Admin
Posts: 3225
Joined: Sat Sep 19, 2009 5:21 pm
Location: Long Beach, CA

Re: TLS on Unseen Servant?

#20 Post by ToniXX »

Zhym wrote:Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.
Does it have to support the same type of SSL or just any SSL? Would it have to be the same exact cert?
I'll get SSL for the dice roller too if that'll solve the problem.
"Sir, our research shows that the bird is equal to or greater than the word."

Post Reply

Return to “Suggestions”