Donations

rnolan:
The main thing that TLS (similar to SSL) will provide is to protect log-on details. We'll need a certificate and probably some minor changes in the Apache web server. It needs to be at a minimum TLS v1.2 and better is TLS v1.3. The last version of SSL (v3.0) is now very insecure and shouldn't be used. Our server probably uses OpenSSL, which is open source code for Linux (Unix) servers. The latest version(s) of OpenSSL (IIRC 1.1.0) support TLS v1.3. This would also be a good time to rebuild the site and hopefully fix some of the bugs.

vansinn:
Yeah, I wrote about the cert things to Dante yesterday; didn't feel like doing it in here..
As I wrote, we don't really need to pay for an approved cert, but could use a self-signed cert; I've made loads of those for private connections to mail- and web servers.
The negative with those is that users will get a warning about the certificate potentially being not trustworthy, which may not be good for us.
If we buy a cert, several places offer them cheaper than, say, Verisign.
The changes to the Apache server are mostly uncommenting the line about HTTPS, and adding a line about the cert.
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)

rnolan:

--- Quote from: van Sinn on November 27, 2019, 03:25:26 AM ---
Implementing this isn't related to rebuilding the site, but can be done with no other hassle.
(not that it may not be a good idea giving the site a preen'n'prune)

--- End quote ---
As I said, it would be a good (opportune) time to rebuild the site. I know we (Dante and his/our ISP) can just implement HTTPS without a rebuild. Moreover, I was agitating to go HTTPS a couple of years ago :facepalm:. IIRC Dante said it would cost about $25 back then :dunno: Mostly I want to get rid of the deprecated function error: 8192: Function create_function() is deprecated
We get a couple of million of these errors in the logs per week...
But there are other issues (e.g. time format, intermittent email (for some of us), attachment size limit problem etc), hence time for a rebuild.
A self-signed cert will cause issues with some browsers (e.g. Chrome). A cheaper one than Verisign is fine as long as it's not from one of the dodgy cert offerings which prop up the hackers/miscreants etc. Also need to configure Apache to not downgrade the connection to less than TLS 1.2
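
An added example, not part of the post above or of the forum's actual setup: a small Python audit that reads Apache's `SSLProtocol` directive and reports any protocol below TLS 1.2 that remains enabled. The function names and sample config are constructed, and the handling of `all` and of bare tokens is a simplified model of mod_ssl's left-to-right evaluation (an assumption).

```python
import re
# Protocol names accepted by mod_ssl's SSLProtocol directive, oldest first.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK = {"SSLv3", "TLSv1", "TLSv1.1"}  # everything below TLS 1.2

def effective_protocols(value):
    """Evaluate one SSLProtocol value left to right (simplified model)."""
    names = {p.lower(): p for p in PROTOCOLS}
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        if name.lower() == "all":
            chosen = set(PROTOCOLS)  # assumption: 'all' means every name above
        elif name.lower() in names:
            chosen = {names[name.lower()]}
        else:
            raise ValueError(f"unknown protocol {token!r}")
        if sign == "-":
            enabled -= chosen
        elif sign == "+":
            enabled |= chosen
        else:  # assumption: a bare token replaces what came before it
            enabled = set(chosen)
    return enabled

def audit(config_text):
    """Return (line_no, value, weak_protocols) for each active SSLProtocol line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:  # commented-out directives start with '#' and do not match
            weak = sorted(effective_protocols(m.group(1)) & WEAK, key=PROTOCOLS.index)
            findings.append((no, m.group(1), weak))
    return findings

# Constructed sample, not the forum's real configuration.
SAMPLE = """\
<VirtualHost *:443>
    # SSLProtocol all
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
"""
if __name__ == "__main__":
    for no, value, weak in audit(SAMPLE):
        print(f"line {no}: SSLProtocol {value} -> {'WEAK: ' + ', '.join(weak) if weak else 'ok'}")
```

On the sample, the first virtual host still allows TLS 1.0 and 1.1 even though SSLv3 is removed; the second allows only TLS 1.2 and 1.3.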

vansinn:
^ agreed - some things I didn't think of (still feels weird not being admin anymore..)