TLS on Unseen Servant?

[spanningtree]

I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious.

[Zhym]

Drat. You weren't supposed to notice me or my packet sniffer.

But that's a good point.

[ToniXX]

I know the subject matter is not the most sensitive here on the board but is there any chance that Unseen Servant might move to TLS 1.2 in the future? I am connected to an airport free wifi right now and have some pangs that someone might sniff my creds. Just curious.

How can I tell what version is currently running on this or any server?

[Zhym]

Here's the message I get in Firefox when I try to connect with SSL:

An error occurred during a connection to http://www.unseenservant.us. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

It's been ages since I did any web admin, but it's probably either a web server configuration issue, a certificate issue, or both.

The default login page is unencrypted, so once the SSL login page is working it'd be great if the login page would redirect to HTTPS, too.

[Zhym]

Bumping this to mention that it would be great if the forums had a working SSL certificate / HTTPS login page.

[ToniXX]

This has come up a few times now so I'll look into it. IIRC it will add about $100 per year to the hosting costs.

[Zhym]

Is that the cost of the certificate, or the cost of your provider administering the certificate? Let's Encrypt is a free certificate authority, so getting the certificate itself shouldn't be costly. But I have no idea what your provider charges to put it on a server and keep it updated.

[Zhym]

Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.

[ToniXX]

Any further thoughts on this? Most browsers are now marking all non-HTTPS sites as insecure.

Sniffing of Unseen Servant logins probably isn't at the top of anyone's agenda, but if there's anything I can do to help at least get the logins secured, let me know.

Yes, given that browsers and flagging sites now, I was planning on doing it at least for these forums. But, at the moment we're having problems with the dice roller so I'm dealing with that. UGH!

[Zhym]

Yeah. Obviously it's not the first priority at the moment. But, hey, while you've got your provider on the phone...

[ToniXX]

SSL is now running on this server. Change the URL to https and it will work

[Zhym]

Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?

[ToniXX]

Yah I'm trying to figure out how to do that

[ToniXX]

Sweet!

Do you think you could rig it so that the login page automatically redirects to HTTPS?

Ok, this should be working. Actually, all pages should be on https

[Zhym]

It's working for me. Thanks!

[AleBelly]

Me too. Three cheers!

[Zhym]

Character sheets from the dice roller aren't showing up now. I suspect it might be because of the HTTPS change. The dice roller still shows up as insecure, so maybe my browsers, at least, are refusing to load remote HTTP content in an HTTPS connection?

Feel like re-doing everything you just did with the dice roller, too?

[dmw71]

Feel like re-doing everything you just did with the dice roller, too?

FYI, I'm not positive, but I'm pretty sure the forums and the die roller are on two completely different hosts.

[Zhym]

Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.

[ToniXX]

Oh, yeah. Looks like the dice roller is on GoDaddy, which may or may not support Let's Encrypt free server certs depending on the product.

https://www.godaddy.com/help/does-godad ... ducts-3983

Ouch.

Does it have to support the same type of SSL or just any SSL? Would it have to be the same exact cert?
I'll get SSL for the dice roller too if that'll solve the problem.