Jump to content

no TLS?


Recommended Posts

TLS seems to be a rather common standard these days for public forums it does not seem the case for the SC forum however. Why not?

Trying via https://forum.spamcop.net it then is revealed that the deloyed TLS certificate is not valid for the domain


since the Subject Alt Names are showing

DNS Name cloudfront.net
DNS Name *.cloudfront.net

Once being on the TLS connection, having accepted a certificate exception in the browser, and clicking any link one is being kicked back to non-TLS however.

Edited by +BFsej@2n
Link to comment
Share on other sites

  • 1 month later...
On 12/5/2019 at 4:53 AM, +BFsej@2n said:

Why not?

My guess is that when the forum was setup not very many people were using https.  At that time, the FBI and NSA had the capability to decrypt https trafffic.  The place where encryption should be is on the login page.

In my own opinion (completely my own opinion and not anyone else's) a public accessible forum (that does not require a login to read) should not need TLS or https encryption on the pages that anyone can read.

Link to comment
Share on other sites

For information;

Firefox now warns whenever I try to go to forum pages.

"Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for forum.spamcop.net. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net


- Clicking through the warnings and proceeding regardless will open the forum pages.

Link to comment
Share on other sites

14 hours ago, gnarlymarley said:

The place where encryption should be is on the login page.

First of all the login page then should provide a valid certificate, which it does not. And secondly the http login page should be redirected to https which it does not either

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...