LinuxQuestions.org
Have you listened to LQ Radio?
Go Back   LinuxQuestions.org > Forums > LinuxQuestions.org > LQ Suggestions & Feedback
Reload this Page SSL with LQ doesnt work?
User Name
Password
LQ Suggestions & Feedback Do you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.

Notices

Reply
 
Thread Tools
Old 11-06-2008, 02:22 AM   #1
deepsix
Member
 
Registered: Apr 2003
Distribution: ANY
Posts: 333
Thanked: 2
SSL with LQ doesnt work?

[Log in to get rid of this advertisement]
Hi jeremy,

Theres been an on going discussion in the Security forum about ssl tls1 and tls 1.1 and how it relates to website security, as well as how it relates to LQ and other sites as well.

I notice when I visit https://www.linuxquestions.org my browser gives me a security error stating that your server tried to enable security but failed. and also gives me a warning that the session is not secure and that I shouldnt transmit sensitive data.(Opera-latest version) There are many wesites out that offer to encrypt passwords but not the session, or contents, and many more dont offer https at all.

If you wouldnt mind commenting or reading the article I started I would appreciate it.
My goal is to spread knowlege of just how insecure the web is and get others reading on LQ thinking about their choice of protocols, and the availability of encrypted protocols, and possibly getting everyone to eventually start using them.



thanks
Last edited by deepsix; 11-06-2008 at 02:40 AM..
deepsix is offline     Reply With Quote
Old 11-06-2008, 03:21 AM   #2
win32sux
Moderator
 
Registered: Jul 2003
Distribution: Ubuntu 8.10
Posts: 8,608
Thanked: 108
Quote:
Originally Posted by deepsix View Post
Theres been an on going discussion in the Security forum about ssl tls1 and tls 1.1 and how it relates to website security, as well as how it relates to LQ and other sites as well.
For the record, said thread is here.
win32sux is offline     Reply With Quote

Old 11-06-2008, 10:32 AM   #3
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 7,143
Thanked: 165
deepsix,

I think it's explained fairly well in the linked thread. The session actually is secure, but some images come from either our CDN or our static assets server, neither of which support SSL at this time. Thanks for the feedback.

--jeremy
jeremy is offline     Reply With Quote

Old 11-01-2009, 01:53 AM   #4
deepsix
Member
 
Registered: Apr 2003
Distribution: ANY
Posts: 333
Thanked: 2

Original Poster
Quote:
Originally Posted by jeremy View Post
deepsix,

I think it's explained fairly well in the linked thread. The session actually is secure, but some images come from either our CDN or our static assets server, neither of which support SSL at this time. Thanks for the feedback.

--jeremy
ty guys not trying to start the thread again... my connection to your server through HTTPS may be secure but the server im connected to has content served (and serving to me) from another server that the server im on agrees to serve unsecured that isnt secure therefore plausibly the other server has access to my supposed https session. https should be HTTPS... i can write a book and call it HTTPS and let the contents be HTTP... doesnt make the entire book HTTPS...
sry to cause so much trouble guys and gals... just feel compelled to get to share...
linux deepsix is offline     Reply With Quote

Old 11-01-2009, 03:51 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 16,722
Blog Entries: 30
Thanked: 285
Quote:
Originally Posted by deepsix View Post
ty guys not trying to start the thread again...
Well then please don't. Best thing is to create a new thread, present your detailed, technical infomation (and not vague descriptions of things like saying "the server im connected to has content served (and serving to me) from another server that the server im on agrees to serve unsecured") and if necessary refer to this thread if you think it provides the necessary background information.


Quote:
Originally Posted by deepsix View Post
therefore plausibly the other server has access to my supposed https session.
I suggest you reread the replies in http://www.linuxquestions.org/questi...rowser-680585/ again and then not say "plausible" but instead come up with something tangible that supports your claim (and we could test for).
linux unSpawn is offline     Reply With Quote


Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dovecot - TLS doesnt work while SSL does extasic Linux - Server 2 10-07-2008 06:57 PM
Is it safe to run the non premium version of syslog-ng? (The one that doesnt use ssl) abefroman Linux - Security 4 06-04-2008 04:32 AM
rmdir -rf does not seem to work in fc4 .what do i do?rm -p also doesnt seem to work vinay87 Linux - Newbie 2 05-09-2006 10:18 AM
Why doesnt my USB mouse doesnt work? barkha Linux - Hardware 2 08-16-2005 12:31 PM
SSL doesnt work on slow connection? cuboctahedron Linux - General 3 07-19-2003 10:36 AM


All times are GMT -5. The time now is 11:06 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration