flat assembler
Message board for the users of flat assembler.
 Home   FAQ   Search   Register 
 Profile   Log in to check your private messages   Log in 
flat assembler > Feedback > TLS/SSL/Letsencrypt/EFF

Author
Thread Post new topic Reply to topic
redsock



Joined: 09 Oct 2009
Posts: 251
Location: Australia
TLS/SSL/Letsencrypt/EFF
I enabled TLS for the board and all subdomains here this morning.

Please let me know if there are any issues.

Also note: HSTS is enabled, so if you visit the board via TLS, your browser should enforce all future traffic via TLS from that point forward.


Description: Cert screenshot for the board
Filesize: 174.48 KB
Viewed: 1104 Time(s)

Screen Shot 2016-08-21 at 8.57.51 AM.png



_________________
2 Ton Digital - https://2ton.com.au/
Post 20 Aug 2016, 22:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14590
Location: Planet Dirt
I find that HTTPS works okay.

But HSTS doesn't appear to be active? What did I do wrong?
Post 20 Aug 2016, 23:25
View user's profile Send private message Visit poster's website Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 251
Location: Australia

revolution wrote:
I find that HTTPS works okay.

But HSTS doesn't appear to be active? What did I do wrong?

rwasa is definitely sending the correct header:

Code:
Strict-Transport-Securitymax-age=31536000; includeSubDomains

... I suppose it depends on your browser as to what action is really taken as a result. The wikipedia article on it (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) contains a browser support section...

Also see: https://www.ssllabs.com/ssltest/analyze.html?d=board.flatassembler.net&hideResults=on for further information, specifically the "Protocol Details" section where it lists the various features that rwasa is performing.

Edit: Since the board's version of rwasa is the library's default, rwasa is configured to blacklist malicious TLS session attempts, so when the test at ssllabs was finishing, rwasa subsequently blacklisted their testing client (hence all of the "Server sent fata alert: access_denied" in the handshake section). All the rest of the protocol details are there and correct, but if ssllabs' cache is less than the blacklist period of 1 day, that result page may not work correctly.

_________________
2 Ton Digital - https://2ton.com.au/
Post 20 Aug 2016, 23:37
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 14590
Location: Planet Dirt
Oh, I am sorry. I was trying the other links, but now I see that they are hardcoded to HTTP in the source:

Quote:
<a class="boldlink" href="http://flatassembler.net/index.php">Main index</a>&nbsp;&nbsp;

Everything is fine.
Post 20 Aug 2016, 23:40
View user's profile Send private message Visit poster's website Reply with quote
redsock



Joined: 09 Oct 2009
Posts: 251
Location: Australia

revolution wrote:
Oh, I am sorry. I was trying the other links, but now I see that they are hardcoded to HTTP in the source:

Quote:
<a class="boldlink" href="http://flatassembler.net/index.php">Main index</a>&nbsp;&nbsp;

Everything is fine.

There is presumably a phpBB setting for the base URL of the board, modifying that to point to https:// would be a good thing IMO.

_________________
2 Ton Digital - https://2ton.com.au/
Post 20 Aug 2016, 23:51
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 6832
Location: 22° 15' N | 114° 10' E
"https://" works fine for me, using Chrome on Chrome OS.

Wink
Post 21 Aug 2016, 06:32
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 6328
Location: ˛                              ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣ Posts: 6699
glad to have https://, thanks redsock!
so the whole fasm php phpbb forum running in rwasa web server now?
Post 21 Aug 2016, 14:15
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >

Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2005 phpBB Group.

Main index   Download   Documentation   Examples   Message board
Copyright © 2004-2016, Tomasz Grysztar.