Since you can get automatically updated SSL certificates for free these days, I was wondering whether there are any plans to switch to HTTPS on the forum? It would save having to send login credentials in an insecure manner.
(09-27-2018 07:21 PM)ijabbott Wrote: [ -> ]Since you can get automatically updated SSL certificates for free these days, I was wondering whether there are any plans to switch to HTTPS on the forum? It would save having to send login credentials in an insecure manner.
+1. Let's Encrypt + certbot = free SSL with zero effort renewal
+1. Would be nice to have TLS1.2 for at least the authentication.
(01-06-2019 04:24 AM)bbenson Wrote: [ -> ]+1. Would be nice to have TLS1.2 for at least the authentication.
You'd need to use it for the whole forum because logon credentials are posted (in an encoded form) in cookies every time you load a page.
Side note: Let's Encrypt + certbot are very low/zero maintenance once set-up, which is very easy on Linux or BSD. Perhaps Dave is worried about the impact on web-site performance?
I see the forum has started using HTTPS just now. Nice, thanks!
Was this triggered by Safari in iOS saying "Not Secure" in the URL bar since the latest iOS update? Because that's what finally made me set up HTTPS on my web site last week.
No - although oddly enough I read your post on IOS since I wanted to do a little cross-platform checking.
What really triggered it - I had a whole afternoon free with no higher priority tasks on the todo list. It's been a few years since that happened!
There may still be some warts. With 26 years of website accretion, and 2 forums, paypal, etc., there have been quite a few places that needed tweaks. Mostly just little things.