posted by
NCommander
on Tuesday April 01 2014, @04:00PM
from the that-was-a-bitch-to-get-working dept.
from the that-was-a-bitch-to-get-working dept.
After a significant amount of wrestling with Slash, we've got SSL working properly. Slash normally tried to prevent people from using SSL unless they were an admin or subscriber. This, combined with some absolutely horrendous buggy code, and compounded by the fact we don't use mod_ssl, was not ideal. I'm pleased to announce that we've managed to exorcise the last of the demons in this code, so right now, you can go up to your URL bar, and fiddle it over to https://dev.soylentnews.org, and it will work!
Right now, we're running with a proper SSL certificate, but secondary services are running with a wild-card CACert certificate, we'll migrate those to a conventional certificate authority once we've done the possible site rename to prevent us from having to buy multiple SSL certificates. I've had to gut the back-end pretty heavily to make this work, so please try it out, and let us know what you find. Once we're fairly certain we've exterminated all the bugs, we'll be taking a serious look at the possibility of going SSL by default.
Until then, enjoy your now-encrypted BaconNews!
Right now, we're running with a proper SSL certificate, but secondary services are running with a wild-card CACert certificate, we'll migrate those to a conventional certificate authority once we've done the possible site rename to prevent us from having to buy multiple SSL certificates. I've had to gut the back-end pretty heavily to make this work, so please try it out, and let us know what you find. Once we're fairly certain we've exterminated all the bugs, we'll be taking a serious look at the possibility of going SSL by default.
Until then, enjoy your now-encrypted BaconNews!
This discussion has been archived.
No new comments can be posted.
BaconNews: Now With Working SSL
|
Log In/Create an Account
| Top
| 1000 moderator points
| 20 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 1) by BsAtHome on Tuesday April 01 2014, @04:04PM
This is really great news! Thanks for implementing transport layer security. At least now the eavesdroppers will have a harder time tracking the flow(*).
* Unless your code is too buggy, but I believe you all try your best ;-)
(Score: 4, Informative) by Angry Jesus on Tuesday April 01 2014, @04:09PM
Most websites that do SSL, do it poorly with low grade ciphers.
My firefox says you guys are using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with Perfect Forward Secrecy which is top notch all around. Congratulations.
(Score: 2) by The Mighty Buzzard on Tuesday April 01 2014, @06:25PM
123
456
789
(Score: 2) by NCommander on Tuesday April 01 2014, @10:50PM
Once we're incorporated, I intend to get EV certs for the site vs. just DV.
Still always moving
(Score: 0) by Zinho on Tuesday April 01 2014, @04:17PM
Kudos, it seems to work for me as advertized! Keep up the good work.
(Score: 2) by edIII on Tuesday April 01 2014, @06:34PM
Same here. I also use the HTTPS Everywhere extension so it was automatic for me the moment it was supported.
I'll let you guy knows if I have any problems.
(Score: 1) by Yog-Yogguth on Tuesday April 01 2014, @10:11PM
Strange so do I but it's not automagic here. Not when visiting the main page whether by link or typing it in and not when using RSS links.
Using HTTPS Everywhere 3.4.5
Don't worry about this on my behalf; I want to applaud the effort even if I consider SSL & HTTPS broken (with or without a CA). I use it but don't assume to gain much if anything from it, more importantly suppoprting SSL/HTTPS and TOR and anything else like it increases the chances of the site be able to support other future possibilities that might not be broken (perfection being the enemy of everything and all that).
Buck Feta? Duck Fice! And Guck Foogle too!
(Score: 1, Funny) by black6host on Tuesday April 01 2014, @04:20PM
I know I'm new, and don't spend too much time here, though I do check in daily,but what's up with the name change? I think I missed something obvious to most....
(Score: 3, Insightful) by paulej72 on Tuesday April 01 2014, @04:21PM
Check today's date.
Team Leader for SN Development Dev Server [soylentnews.org]
(Score: 1) by black6host on Tuesday April 01 2014, @05:56PM
Yes, I had considered that. Thought I might have missed a memo :)
(Score: 1) by zigbigadoorlue on Wednesday April 02 2014, @01:39AM
There has also been an ongoing discussion about Soylent News being the final name for the site. I believe that it is currently still the plan to have a vote on whether to keep SN or change it to one of a current list of popular alternatives (I suspect this list is on the wiki. Not sure where).
I really like the name dev.soylentnews.org though am confused as to why no one is concerned that MGM is going to sue us over it. Is it protected under parody?
(Score: 4, Informative) by Marand on Tuesday April 01 2014, @04:34PM
Glad to see the site working with SSL, it's appreciated, but there is still at least one problem with the implementation:
URLs followed from the RSS feed still go to http: instead of https [dev.soylentnews.org]:, even when the feed itself is https (from https://dev.soylentnews.org/index.rss [dev.soylentnews.org])
(Score: 1) by cykros on Tuesday April 01 2014, @06:14PM
I was just about to update my RSS feed to https, but hearing this, guess I'll wait. Looking into writing the rule for https-everywhere in the meantime.
(Score: 3, Informative) by mrcoolbp on Tuesday April 01 2014, @06:24PM
I've logged this as a feature request:
https://github.com/SoylentNews/slashcode/issues/12 2 [github.com]
(Score:1^½, Radical)
(Score: 2) by pe1rxq on Tuesday April 01 2014, @04:55PM
Great job.
Now get back to working on IPv6 support!
(Score: 1) by clone141166 on Tuesday April 01 2014, @05:55PM
Nice work! Thanks! Encrypted bacon is the best kind of bacon.
(Score: 1) by velex on Tuesday April 01 2014, @06:37PM
Looks good from here. Also liking the new buttons. Kudos and hope the IPID thing for IPv6 suppport doesn't turn into too much of a bugbear.
(Score: 1) by boltronics on Tuesday April 01 2014, @10:08PM
Nice work, people.
It's GNU/Linux dammit!
(Score: 1) by xtronics on Tuesday April 01 2014, @10:15PM
I always wonder if encryption calls attention you may not want - but at this point even google is doing it..
Also - for some strange reason there is no page in wikipedia about soylentnews and no mention of it's birth at Wikipedia's entry about some beta site.
(Score: 1) by johnlenin1 on Tuesday April 01 2014, @10:38PM
What a great April first on SN. A few jokes, but lots of great stories. Plus all the technical goodies for the site, and now SSL. Way to go, and thanks!