Results 1 to 11 of 11
  1. #1
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)

    Enabling SSL breaks the page

    With the new firefox that blocks active mixed-content the WYSISYG Editor for posts breaks when you enable ssl for this page.

    I had the following warnings:

    Code:
    [
    "http://www.ownedcore.com/forums/mobiquo/smartbanner/appbanner.css" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
    "http://www.ownedcore.com/forums/mobiquo/smartbanner/appbanner.js" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
    "http://www.adpeepshosted.com/adpeeps.php?bf=showad&uid=101861&bmode=off&gpos=center&bzone=default&bsize=728x90&btype=3&bpos=default&btotal=1&btarget=_blank&bborder=0" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
    "http://www.ownedcore.com/forums/clientscript/vbulletin_facebook.js?v=420" was blocked. @ https://www.ownedcore.com/forums/newthread.php?do=newthread&f=166
    "http://www.ownedcore.com/forums/clientscript/ckeditor_config.js?v=420&t=B8DJ5M3" was blocked. @ https://www.ownedcore.com/forums/clientscript/ckeditor/ckeditor.js?t=A7HG4HT&v=420:16
    You should update SSL , because the current version doesn't seem to mitigate the BEAST attack.
    Finally, since RC4 is declared broken officially, you might want to disable it and allow TLS1.2 with some more secure Methods, including Forward Secrecy

  2. #2
    Administrator
    CoreCoins User Authenticator enabled Ket's Avatar
    Reputation
    744
    Join Date
    Feb 2008
    Posts
    3,296
    Thanks G/R
    541/221
    CoreCoins
    253176
    Trade Feedback
    29 (93%)
    It should be fixed now.

  3. #3
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)
    looks better now indeed, but there are still 2 warnings:

    http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" @ https://www.ownedcore.com/forums/new...eaks-page.html
    http://www.adpeepshosted.com/adpeeps.php?bf=showad&uid=101861&bmode=off&gpos=center&bzone=default&bsize=728x9 0&btype=3&bpos=default&btotal=1&btarget=_blank&bborder=0" @ https://www.ownedcore.com/forums/new...eaks-page.html
    both websites answer ssl-requests without cert-problems

  4. #4
    Administrator
    CoreCoins User Authenticator enabled Ket's Avatar
    Reputation
    744
    Join Date
    Feb 2008
    Posts
    3,296
    Thanks G/R
    541/221
    CoreCoins
    253176
    Trade Feedback
    29 (93%)
    That should be fixed now as well.

    Thanks!

  5. #5
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)
    How about the following things:

    SSl2 is enabled (nobody should use that any more)

    there are algorithms enabled that shouldnt:
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc01 INSECURE
    TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) INSECURE
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE

    According to Bruce Schneier and a few others, RC4 should also be disabled.
    Last:
    BEAST attack Not mitigated server-side (more info) SSL 3: 0x7, TLS 1.0: 0x7 , depending on the operating system and webserver you might want to do an update there as well.

  6. #6
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)
    I would also like to see TLS enabled for Tapatalk

  7. #7
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)
    The certificate on this page is no longer valid

  8. #8
    Private Cnypher's Avatar
    Reputation
    1
    Join Date
    Dec 2013
    Posts
    11
    Thanks G/R
    0/0
    CoreCoins
    0
    Trade Feedback
    0 (0%)
    Quote Originally Posted by blamani View Post
    The certificate on this page is no longer valid
    same here

  9. #9
    Administrator
    CoreCoins User Authenticator enabled Ket's Avatar
    Reputation
    744
    Join Date
    Feb 2008
    Posts
    3,296
    Thanks G/R
    541/221
    CoreCoins
    253176
    Trade Feedback
    29 (93%)
    Should be all fixed now. Please let me know if any issues.

    Thanks!

  10. #10
    Active Member blamani's Avatar
    Reputation
    18
    Join Date
    Jul 2008
    Posts
    64
    Thanks G/R
    1/2
    CoreCoins
    197
    Trade Feedback
    0 (0%)
    Is there a reason why Ownedcore no longer supports TLS?

  11. The Following 1 Members Gave Thanks To blamani For This Useful Post:

    Ket
  12. #11
    Administrator
    CoreCoins User Authenticator enabled Ket's Avatar
    Reputation
    744
    Join Date
    Feb 2008
    Posts
    3,296
    Thanks G/R
    541/221
    CoreCoins
    253176
    Trade Feedback
    29 (93%)
    Quote Originally Posted by blamani View Post
    Is there a reason why Ownedcore no longer supports TLS?
    Actually we are moving towards that very soon.

  13. The Following 1 Members Gave Thanks To Ket For This Useful Post:

    Jaladhjin
 

 

Similar Threads

  1. How do you enable LUA in the core?
    By roguesownu in forum World of Warcraft Emulator Servers
    Replies: 7
    Last Post: 04-12-2008, 06:53 AM
  2. AV-botting without breaking the TOS?
    By Yorii in forum WoW PvP & Battlegrounds
    Replies: 5
    Last Post: 02-04-2008, 06:49 AM
  3. Breaking The Rules
    By DrSeven in forum World of Warcraft General
    Replies: 9
    Last Post: 11-06-2006, 10:02 AM
All times are GMT -5. The time now is 07:07 AM. Powered by vBulletin® Version 4.2.2
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search