-
Active Member
Enabling SSL breaks the page
With the new firefox that blocks active mixed-content the WYSISYG Editor for posts breaks when you enable ssl for this page.
I had the following warnings:
Code:
[
"http://www.ownedcore.com/forums/mobiquo/smartbanner/appbanner.css" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
"http://www.ownedcore.com/forums/mobiquo/smartbanner/appbanner.js" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
"http://www.adpeepshosted.com/adpeeps.php?bf=showad&uid=101861&bmode=off&gpos=center&bzone=default&bsize=728x90&btype=3&bpos=default&btotal=1&btarget=_blank&bborder=0" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
"http://www.ownedcore.com/forums/clientscript/vbulletin_facebook.js?v=420" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
"http://www.ownedcore.com/forums/clientscript/ckeditor_config.js?v=420&t=B8DJ5M3" was blocked. @ https://www.ownedcore.com/forums/clientscript/ckeditor/ckeditor.js?t=A7HG4HT&v=420:16
You should update SSL , because the current version doesn't seem to mitigate the BEAST attack.
Finally, since RC4 is declared broken officially, you might want to disable it and allow TLS1.2 with some more secure Methods, including Forward Secrecy
-
-
Active Member
looks better now indeed, but there are still 2 warnings:
both websites answer ssl-requests without cert-problems
-
That should be fixed now as well.
Thanks!
-
Active Member
How about the following things:
SSl2 is enabled (nobody should use that any more)
there are algorithms enabled that shouldnt:
TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc01 INSECURE
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) INSECURE
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE
According to Bruce Schneier and a few others, RC4 should also be disabled.
Last:
BEAST attack Not mitigated server-side (more info) SSL 3: 0x7, TLS 1.0: 0x7 , depending on the operating system and webserver you might want to do an update there as well.
-
Active Member
I would also like to see TLS enabled for Tapatalk
-
Active Member
The certificate on this page is no longer valid
-
Private
Originally Posted by
blamani
The certificate on this page is no longer valid
same here
-
Should be all fixed now. Please let me know if any issues.
Thanks!
-
Active Member
Is there a reason why Ownedcore no longer supports TLS?
-
Post Thanks / Like - 1 Thanks
Ket (1 members gave Thanks to blamani for this useful post)
-
Originally Posted by
blamani
Is there a reason why Ownedcore no longer supports TLS?
Actually we are moving towards that very soon.
-
Post Thanks / Like - 1 Thanks
Jaladhjin (1 members gave Thanks to Ket for this useful post)