[phpBB Debug] PHP Warning: in file [ROOT]/ext/spaceace/ajaxchat/controller/chat.php on line 220: Trying to access array offset on value of type bool
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4149: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3027)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4149: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3027)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4149: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3027)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4149: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3027)
The Unseen Servant forums • TLS on Unseen Servant?
Page 1 of 3

TLS on Unseen Servant?

Posted: Fri May 05, 2017 8:53 pm
by spanningtree
I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious. :D

Re: TLS on Unseen Servant?

Posted: Fri May 05, 2017 10:02 pm
by Zhym
Drat. You weren't supposed to notice me or my packet sniffer.

But that's a good point.

Re: TLS on Unseen Servant?

Posted: Fri May 05, 2017 10:48 pm
by ToniXX
spanningtree wrote:I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious. :D
How can I tell what version is currently running on this or any server?

Re: TLS on Unseen Servant?

Posted: Wed May 24, 2017 2:09 pm
by Zhym
Here's the message I get in Firefox when I try to connect with SSL:
An error occurred during a connection to http://www.unseenservant.us. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
It's been ages since I did any web admin, but it's probably either a web server configuration issue, a certificate issue, or both.

The default login page is unencrypted, so once the SSL login page is working it'd be great if the login page would redirect to HTTPS, too.

Re: TLS on Unseen Servant?

Posted: Thu Feb 15, 2018 9:38 pm
by Zhym
Bumping this to mention that it would be great if the forums had a working SSL certificate / HTTPS login page.

Re: TLS on Unseen Servant?

Posted: Fri Feb 16, 2018 4:14 pm
by ToniXX
This has come up a few times now so I'll look into it. IIRC it will add about $100 per year to the hosting costs.

Re: TLS on Unseen Servant?

Posted: Fri Feb 16, 2018 4:19 pm
by Zhym
Is that the cost of the certificate, or the cost of your provider administering the certificate? Let's Encrypt is a free certificate authority, so getting the certificate itself shouldn't be costly. But I have no idea what your provider charges to put it on a server and keep it updated.

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 3:36 pm
by Zhym
Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 3:48 pm
by ToniXX
Zhym wrote:Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.
Yes, given that browsers and flagging sites now, I was planning on doing it at least for these forums. But, at the moment we're having problems with the dice roller so I'm dealing with that. UGH!

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 3:53 pm
by Zhym
Yeah. Obviously it's not the first priority at the moment. But, hey, while you've got your provider on the phone... ;)

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 10:26 pm
by ToniXX
SSL is now running on this server. Change the URL to https and it will work

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 10:45 pm
by Zhym
Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 11:21 pm
by ToniXX
Yah I'm trying to figure out how to do that

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 11:51 pm
by ToniXX
Zhym wrote:Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?
Ok, this should be working. Actually, all pages should be on https

Re: TLS on Unseen Servant?

Posted: Thu Aug 02, 2018 11:54 pm
by Zhym
It's working for me. Thanks!

Re: TLS on Unseen Servant?

Posted: Fri Aug 03, 2018 12:35 am
by AleBelly
Me too. Three cheers!

Re: TLS on Unseen Servant?

Posted: Fri Aug 03, 2018 3:33 am
by Zhym
Character sheets from the dice roller aren't showing up now. I suspect it might be because of the HTTPS change. The dice roller still shows up as insecure, so maybe my browsers, at least, are refusing to load remote HTTP content in an HTTPS connection?

Feel like re-doing everything you just did with the dice roller, too? ;)

Re: TLS on Unseen Servant?

Posted: Fri Aug 03, 2018 3:35 am
by dmw71
Zhym wrote:Feel like re-doing everything you just did with the dice roller, too? ;)
FYI, I'm not positive, but I'm pretty sure the forums and the die roller are on two completely different hosts.

Re: TLS on Unseen Servant?

Posted: Fri Aug 03, 2018 3:41 am
by Zhym
Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.

Re: TLS on Unseen Servant?

Posted: Fri Aug 03, 2018 6:44 am
by ToniXX
Zhym wrote:Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.
Does it have to support the same type of SSL or just any SSL? Would it have to be the same exact cert?
I'll get SSL for the dice roller too if that'll solve the problem.