+BFsej@2n Posted December 5, 2019 Share Posted December 5, 2019 (edited) TLS seems to be a rather common standard these days for public forums it does not seem the case for the SC forum however. Why not? Trying via https://forum.spamcop.net it then is revealed that the deloyed TLS certificate is not valid for the domain CERT_COMMON_NAME_INVALID since the Subject Alt Names are showing DNS Name cloudfront.net DNS Name *.cloudfront.net Once being on the TLS connection, having accepted a certificate exception in the browser, and clicking any link one is being kicked back to non-TLS however. Edited December 5, 2019 by +BFsej@2n Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted January 25, 2020 Share Posted January 25, 2020 On 12/5/2019 at 4:53 AM, +BFsej@2n said: Why not? My guess is that when the forum was setup not very many people were using https. At that time, the FBI and NSA had the capability to decrypt https trafffic. The place where encryption should be is on the login page. In my own opinion (completely my own opinion and not anyone else's) a public accessible forum (that does not require a login to read) should not need TLS or https encryption on the pages that anyone can read. Quote Link to comment Share on other sites More sharing options...
C2H5OH Posted January 25, 2020 Share Posted January 25, 2020 For information; Firefox now warns whenever I try to go to forum pages. "Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for forum.spamcop.net. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net Error code: SSL_ERROR_BAD_CERT_DOMAIN" - Clicking through the warnings and proceeding regardless will open the forum pages. Quote Link to comment Share on other sites More sharing options...
+BFsej@2n Posted January 25, 2020 Author Share Posted January 25, 2020 14 hours ago, gnarlymarley said: The place where encryption should be is on the login page. First of all the login page then should provide a valid certificate, which it does not. And secondly the http login page should be redirected to https which it does not either Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.