SSL upgrade

This forum is for announcements about the site and the board, "how to" information, etc. Some topics will allow discussion, and some may have polls, but only moderators may post new topics.

Moderator: Groceteria

Post Reply
User avatar
Groceteria
Great Pumpkin
Posts: 1518
Joined: 04 Nov 2005 12:13
Location: NC Triad
Contact:

SSL upgrade

Post by Groceteria » 30 Mar 2019 13:12

I'm in the process of enabling SSL on the site (so you will not see all those "Not Secure" warnings. Things may look a little odd for a bit (e.g. images not loading properly) due to some glitches. I'm working on it.

The message board seems fine, FWIW.

User avatar
Groceteria
Great Pumpkin
Posts: 1518
Joined: 04 Nov 2005 12:13
Location: NC Triad
Contact:

Re: SSL upgrade

Post by Groceteria » 01 Apr 2019 17:26

Hopefully, this was all resolved by late Satutday.

User avatar
Andrew T.
Senior Member
Posts: 490
Joined: 18 Oct 2007 14:26
Location: London
Contact:

Re: SSL upgrade

Post by Andrew T. » 27 Apr 2019 23:22

I was admittedly less than enthusiastic when the news about this first brewed several months ago. I'm glad you were able to pull this particular transition off without major disruption...but HTTP is the foundation of the open web and I've been very uncomfortable with the popular charge away from it.

Right now, site authors everywhere seem to be in a mad scramble to force HTTPS on visitors because Google has been threatening to downrank their websites in search results and flag them as "insecure" or "defective" in Chrome if they don't. It's disturbing that any company, much less an advertising company with a very dubious ethical record, has that kind of power. It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.

My other major concern with HTTPS is its epidemic of backwards-incompatibility. It wouldn't be so bad if HTTPS were a stable protocol that never changed, like HTTP...or if most servers behaved as they are supposed to, and go down a list of compatible protocols (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0, SSL 2.0) to negotiate a connection that's compatible with the client. Sadly, that's not the case: Just a few days ago, RetailWatchers rolled out an implementation of HTTPS that appears to work with TLS 1.2 only. TLS 1.2 didn't even exist in most browsers five years ago...and if you try to visit their board on the most up-to-date releases of Firefox or SeaMonkey for Windows 2000 or PPC Macs, it'll look like this:
error.png
Groceteria fortunately doesn't have the same problem...for now. But I fear that Google will decide to flex their muscles and target multiprotocol-compatible HTTPS websites next, in the interest of coercing everyone to use Chrome on Windows 10 or an Android phone.

(Anyway, my chest feels lighter now...)
"The pale pastels which have been featured in most food stores during the past 20 years are no longer in tune with the mood of the 1970s."
Andrew Turnbull

klkla
Senior Member
Posts: 319
Joined: 29 Jun 2006 18:39

Re: SSL upgrade

Post by klkla » 28 Apr 2019 18:00

Andrew T. wrote:
27 Apr 2019 23:22
It's also disturbing that we're heading towards a web where the authority for validating a website is placed not with the site author, not with the visitor, but in the hands of anonymous entities like "DigiCert Inc." I know nothing about.
What those companies do is verify the owner of site and then indemnify them for this purpose.

Https also make it harder for hackers to do bad things, as well.

Post Reply