• Walter Bright (2/2) Nov 23 2015 I'm pleased to announce that Jan Knepper has gotten us some proper certi...
• Adam D. Ruppe (6/9) Nov 23 2015 Sooooo.... it isn't actually https everywhere. On a https page,
• Walter Bright (2/8) Nov 23 2015 The widgets don't, but the forums worked when I tried it.
• cym13 (2/3) Nov 23 2015 Firefox 42.0 here, neither the widgets nor the forums worked.
• Vladimir Panteleev (6/22) Nov 24 2015 The forum widget isn't going to work until the forum is also
• Martin Nowak (5/8) Nov 27 2015 You could either get a free startssl certificate
• Vladimir Panteleev (2/10) Nov 27 2015 Could I send a CSR? Would that make sense?
• Kapps (7/15) Nov 30 2015 Letsencrypt goes into open beta in a few days
• Vladimir Panteleev (9/12) Nov 24 2015 Forcing HTTPS has broken:
• Walter Bright (6/8) Nov 24 2015 Jan just turned off the automatic http: => https: redirect. That will ke...
• Andrea Fontana (3/6) Nov 24 2015 Chrome warns me saying that dlang connectio is encrypted with
• David Nadlinger (9/12) Nov 24 2015 There are a number of issues with how SSL is set up on the
• duff (3/16) Nov 24 2015 You're part of the bikscheder team.
• David Nadlinger (3/4) Nov 24 2015 What is this even supposed to mean?
• deadalnix (3/12) Nov 25 2015 He is part of the doers. You may want to consider joining that
• Walter Bright (2/8) Nov 24 2015 Thanks, I forwarded this to Jan.
• Joseph Rushton Wakeling (12/15) Nov 25 2015 Trying to access https://forum.dlang.org/ I get a "This
• Martin Nowak (5/8) Nov 27 2015 Glad to hear that as it's a requirement to host installer scipts

Walter Bright <newshound2 digitalmars.com> writes:

I'm pleased to announce that Jan Knepper has gotten us some proper certificates 
now, and dlang.org and digitalmars.com are now fully https!

Adam D. Ruppe <destructionator gmail.com> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

Sooooo.... it isn't actually https everywhere. On a https page, 
the browsers by default block any external asset which itself 
isn't https loaded.

The forum and TWID widgets are not https and now no longer load 
on the homepage :(

Walter Bright <newshound2 digitalmars.com> writes:

On 11/23/2015 1:11 PM, Adam D. Ruppe wrote:
 On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some proper
 certificates now, and dlang.org and digitalmars.com are now fully https!

 Sooooo.... it isn't actually https everywhere. On a https page, the browsers by
 default block any external asset which itself isn't https loaded.

 The forum and TWID widgets are not https and now no longer load on the
homepage :(

The widgets don't, but the forums worked when I tried it.

cym13 <cpicard openmailbox.org> writes:

On Monday, 23 November 2015 at 21:18:58 UTC, Walter Bright wrote:
 The widgets don't, but the forums worked when I tried it.

Firefox 42.0 here, neither the widgets nor the forums worked.

Vladimir Panteleev <thecybershadow.lists gmail.com> writes:

On Monday, 23 November 2015 at 21:18:58 UTC, Walter Bright wrote:
 On 11/23/2015 1:11 PM, Adam D. Ruppe wrote:
 On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright 
 wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper
 certificates now, and dlang.org and digitalmars.com are now 
 fully https!

 Sooooo.... it isn't actually https everywhere. On a https 
 page, the browsers by
 default block any external asset which itself isn't https 
 loaded.

 The forum and TWID widgets are not https and now no longer 
 load on the homepage :(

 The widgets don't, but the forums worked when I tried it.

The forum widget isn't going to work until the forum is also 
HTTPS with a valid certificate.

Sorry, I'm not going to pay for my own SSL certificate :) You'll 
either have to share, or wait until Let's Encrypt goes live and I 
get around to setting it up.

Martin Nowak <code dawg.eu> writes:

On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir Panteleev 
wrote:
 Sorry, I'm not going to pay for my own SSL certificate :) 
 You'll either have to share, or wait until Let's Encrypt goes 
 live and I get around to setting it up.

You could either get a free startssl certificate 
https://gist.github.com/mgedmin/7124635 or we try to reverse 
proxy through dlang.org/forum or so.

Vladimir Panteleev <thecybershadow.lists gmail.com> writes:

On Saturday, 28 November 2015 at 04:17:19 UTC, Martin Nowak wrote:
 On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir 
 Panteleev wrote:
 Sorry, I'm not going to pay for my own SSL certificate :) 
 You'll either have to share, or wait until Let's Encrypt goes 
 live and I get around to setting it up.

 You could either get a free startssl certificate 
 https://gist.github.com/mgedmin/7124635 or we try to reverse 
 proxy through dlang.org/forum or so.

Could I send a CSR? Would that make sense?

Kapps <opantm2+spam gmail.com> writes:

On Saturday, 28 November 2015 at 04:17:19 UTC, Martin Nowak wrote:
 On Tuesday, 24 November 2015 at 08:48:58 UTC, Vladimir 
 Panteleev wrote:
 Sorry, I'm not going to pay for my own SSL certificate :) 
 You'll either have to share, or wait until Let's Encrypt goes 
 live and I get around to setting it up.

 You could either get a free startssl certificate 
 https://gist.github.com/mgedmin/7124635 or we try to reverse 
 proxy through dlang.org/forum or so.

Letsencrypt goes into open beta in a few days 
(https://letsencrypt.org/2015/11/12/public-beta-timing.html). 
Could use that since it's free, allows subdomains (unlike 
StartSSL), easy setup, and people theoretically aren't doing 
anything on the site / forums where a theoretical early 
vulnerability is a huge concern.

Vladimir Panteleev <thecybershadow.lists gmail.com> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

Forcing HTTPS has broken:

- The forum widget on the front page
- This week's "This Week in D" excerpt on the front page
- Runnable examples on the front page (more so than usual, now 
they are completely broken)

Effectively our front page is now a broken mess.

This change could've been done with some community communication, 
no? Then we could've gone into this prepared.

Walter Bright <newshound2 digitalmars.com> writes:

On 11/24/2015 12:55 AM, Vladimir Panteleev wrote:
 This change could've been done with some community communication, no? Then we
 could've gone into this prepared.


Jan just turned off the automatic http: => https: redirect. That will keep the 
site working as before giving time to get everything working with https:

I ask that everything that doesn't work with https: get filed as a bugzilla 
issue. I've filed these:

     https://issues.dlang.org/show_bug.cgi?id=15378

Andrea Fontana <nospam example.com> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

Chrome warns me saying that dlang connectio is encrypted with 
obsolete cryptography

David Nadlinger <code klickverbot.at> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

There are a number of issues with how SSL is set up on the 
server, from misconfiguration and/or outdated software: 
https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on

Compare this e.g. to issues.dlang.org, which achieves a solid A 
grade (although it uses a SHA-1 intermediary certificate, which 
will lead to issues soon): 
https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on

  — David

duff <duff garam.de> writes:

On Tuesday, 24 November 2015 at 18:59:39 UTC, David Nadlinger 
wrote:
 On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright 
 wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

 There are a number of issues with how SSL is set up on the 
 server, from misconfiguration and/or outdated software: 
 https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on

 Compare this e.g. to issues.dlang.org, which achieves a solid A 
 grade (although it uses a SHA-1 intermediary certificate, which 
 will lead to issues soon): 
 https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on

  — David

You're part of the bikscheder team.

David Nadlinger <code klickverbot.at> writes:

On Tuesday, 24 November 2015 at 19:13:22 UTC, duff wrote:
 You're part of the bikscheder team.

What is this even supposed to mean?

  — David

deadalnix <deadalnix gmail.com> writes:

On Tuesday, 24 November 2015 at 19:13:22 UTC, duff wrote:
 On Tuesday, 24 November 2015 at 18:59:39 UTC, David Nadlinger 
 wrote:
 Compare this e.g. to issues.dlang.org, which achieves a solid 
 A grade (although it uses a SHA-1 intermediary certificate, 
 which will lead to issues soon): 
 https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on

  — David

 You're part of the bikscheder team.

He is part of the doers. You may want to consider joining that 
team, but be warned, it require actual work.

Walter Bright <newshound2 digitalmars.com> writes:

On 11/24/2015 10:59 AM, David Nadlinger wrote:
 There are a number of issues with how SSL is set up on the server, from
 misconfiguration and/or outdated software:
 https://www.ssllabs.com/ssltest/analyze.html?d=dlang.org&hideResults=on

 Compare this e.g. to issues.dlang.org, which achieves a solid A grade (although
 it uses a SHA-1 intermediary certificate, which will lead to issues soon):
 https://www.ssllabs.com/ssltest/analyze.html?d=issues.dlang.org&hideResults=on


Thanks, I forwarded this to Jan.

Joseph Rushton Wakeling <joseph.wakeling webdrake.net> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

Trying to access https://forum.dlang.org/ I get a "This 
Connection Is Untrusted" page from Firefox, which notes:

----------------
forum.dlang.org uses an invalid security certificate. The 
certificate is not trusted because it is self-signed. The 
certificate is only valid for * (Error code: 
sec_error_unknown_issuer)
----------------

It's a good thing that I know and love this place, because 
usually when I see that kind of error on a website, I take it as 
a sign to steer clear ;-)

Martin Nowak <code dawg.eu> writes:

On Monday, 23 November 2015 at 20:55:32 UTC, Walter Bright wrote:
 I'm pleased to announce that Jan Knepper has gotten us some 
 proper certificates now, and dlang.org and digitalmars.com are 
 now fully https!

Glad to hear that as it's a requirement to host installer scipts 
and our gpg keyring with some trust.
https://github.com/D-Programming-Language/installer/pull/162

Guess we'll quickly fix the few non-shema relative urls.