Hi jeremy,

Theres been an on going discussion in the Security forum about ssl tls1 and tls 1.1 and how it relates to website security, as well as how it relates to LQ and other sites as well.

I notice when I visit https://www.linuxquestions.org my browser gives me a security error stating that your server tried to enable security but failed. and also gives me a warning that the session is not secure and that I shouldnt transmit sensitive data.(Opera-latest version) There are many wesites out that offer to encrypt passwords but not the session, or contents, and many more dont offer https at all.

If you wouldnt mind commenting or reading the article I started I would appreciate it.
My goal is to spread knowlege of just how insecure the web is and get others reading on LQ thinking about their choice of protocols, and the availability of encrypted protocols, and possibly getting everyone to eventually start using them.



thanks

For the record, said thread is here.

deepsix,

I think it's explained fairly well in the linked thread. The session actually is secure, but some images come from either our CDN or our static assets server, neither of which support SSL at this time. Thanks for the feedback.

--jeremy

ty guys not trying to start the thread again... my connection to your server through HTTPS may be secure but the server im connected to has content served (and serving to me) from another server that the server im on agrees to serve unsecured that isnt secure therefore plausibly the other server has access to my supposed https session. https should be HTTPS... i can write a book and call it HTTPS and let the contents be HTTP... doesnt make the entire book HTTPS...
sry to cause so much trouble guys and gals... just feel compelled to get to share...

Well then please don't. Best thing is to create a new thread, present your detailed, technical infomation (and not vague descriptions of things like saying "the server im connected to has content served (and serving to me) from another server that the server im on agrees to serve unsecured") and if necessary refer to this thread if you think it provides the necessary background information.


I suggest you reread the replies in http://www.linuxquestions.org/questi...rowser-680585/ again and then not say "plausible" but instead come up with something tangible that supports your claim (and we could test for).

A direct link to the specific post would be a lot better, otherwise people in the future won't have a clue what you were referring to. That said, could you explain what exactly is the point you're trying to make? The linked post doesn't seem to contain anything we didn't already know.