HTTPS Upgrade
-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
I helped? Guess I did some work in my sleep.
Anyways, onwards to HSTS and better CSPs!
"Let's make MS secure again."Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
Uploading to another site, like imgur?
Theoretically, considering imgur is less likely to screw up proper https then some random site.Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
Imgur is (for the moment) more secure than MafiaScum.
Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
Because HTTP/2 is still not a thing.In post 14, inte wrote:its 2017, how is no HTTPS still a thing
Fortunately let's encrypt is fighting the good fight for SSL everywhere.Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
I don't think you can even get a SHA1 signature nowadays. Don't worry, the encryption is secure.In post 18, Majiffy wrote:Just a note, if the HTTPS uses SHA-1, Google will be posting the break in 90 days.
http://www.theverge.com/2017/2/23/14712 ... -shattered
(Although, note that HTTP links to MS are currentlynotsecure, so do be careful around those.)Last edited by ConnorJC on Mon Feb 27, 2017 2:11 am, edited 1 time in total.Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)-
-
ConnorJC Goon
- Goon
- Goon
- Posts: 754
- Joined: November 15, 2016
- Location: US East Coast
We have one certificate for all subdomains.In post 24, tn5421 wrote:
The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).In post 19, Zachrulez wrote:From what I'm reading all the major broswers would pop up and inform users they were on a SHA-1 site if MS was using it.
Although it seems the certificate is issued to wiki.mafiascum.net, even when viewing the forums.
Don't worry, our encryption is secure.
The only thing to worry about is HTTP links.Want to help with site development? PM Kison
Want to test new features? https://forum.staging.mafiascum.net (Probably still want to PM Kison)
Copyright © MafiaScum. All rights reserved.