Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: Anyone else getting insecure Firefox connections?  (Read 20304 times)

Silverwing235

  • Bay Watcher
    • View Profile
Anyone else getting insecure Firefox connections?
« on: June 23, 2018, 05:47:11 am »

....As in, front door is broken, so you need to go in round the back, for example.
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #1 on: June 23, 2018, 09:03:46 am »

I'm not sure what you mean. Both of those links work for me. Maybe your browser is complaining about the lack of HTTPS? Can you provide a more specific message?
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.

Silverwing235

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #2 on: June 23, 2018, 10:26:26 am »

....I take it you mean, other than "Your connection is not secure. The administrator of dwarffortresswiki has configured their website improperly" when trying to access the main page every once in a while? Not really, no, at least not for now. My apologies, nonetheless. 
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #3 on: June 23, 2018, 08:35:42 pm »

Your connection is not secure. The administrator of dwarffortresswiki has configured their website improperly
This is exactly what I was asking for. I've never seen that before, but I use Chrome. Chrome provides a "not secure" indicator in the address bar when I'm on a page with a password field, but otherwise it just provides a "(i)" in the address bar to indicate HTTP. Google sometimes experiments with showing different indicators to different people, but in any case, the two pages that you linked look identical to me in terms of browser UI (of course, the content is different). I have almost no idea why you would only see that sometimes on the main page - if it were consistent, my guess would be a password field, but there isn't one on that page. Are you using an ad blocker, or other content-affecting extension?
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.

Silverwing235

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #4 on: June 25, 2018, 02:34:53 am »

...Usually(ads being ads, those days) but for this wiki, no. Firefox would seem to be a lot more adept than Chrome at detecting expired security-certificate shenanigans (May or so, by the look of it) for logged-out Firefox users, which seems to be the problem here. 
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #5 on: June 25, 2018, 10:05:52 am »

The wiki doesn't use HTTPS, so it can't have an expired certificate.
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.

Silverwing235

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #6 on: June 27, 2018, 11:56:13 am »

The wiki doesn't use HTTPS, so it can't have an expired certificate.
That may be the case, but Firefox disagrees:
Quote from:  Firefox Desc
dwarffortresswiki.org uses an invalid security certificate. The certificate expired on 02 May 2018, 00:59. The current time is 27 June 2018, 17:48. Error code: SEC_ERROR_EXPIRED_CERTIFICATE
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #7 on: June 27, 2018, 01:00:54 pm »

Firefox is entirely wrong, then. I don't even see a certificate listed in Chrome.
Edit: we used HTTPS briefly in 2014 or 2015 or so (less than a week). Maybe Firefox is picking up that certificate somehow? It shouldn't be served by the wiki, in any case, and it should have expired more than a month ago.
« Last Edit: June 27, 2018, 01:04:47 pm by lethosor »
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.

DwarfToys

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #8 on: July 17, 2018, 01:57:55 am »

It just tells me that the site isn't https if I go to the default link. 

If you go to the https page manually or via a link, it would appear that the HTTPS port is still open and the browser will throw the Insecure connection screen...

Issued to: 
CN = dwarffortresswiki.org
OU = PositiveSSL
OU = Domain Control Validated
SN = 00:E1:70:67:7B:05:AD:10:6F:5D:E4:F8:DB:66:E9:81:64

Issuer:
CN = COMODO RSA Domain Validation Secure Server CA
O = COMODO CA Limited
L = Salford
ST = Greater Manchester
C = GB

Validity:
Not before = Wednesday, April 29, 2015, 7:00:00 PM
(Thursday, April 30, 2015, 12:00:00 AM GMT)
Not after = Tuesday, May 1, 2018, 6:59:59 PM
(Tuesday, May 1, 2018, 11:59:59 PM GMT)

FYI.
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #9 on: July 17, 2018, 08:18:36 am »

The HTTPS port is still open because it's a redirect to the HTTP site (or at least it was). You're correct that the certificate is expired, but that's because nobody should be accessing the HTTPS site anymore, since it doesn't even do anything.

Once we do get HTTPS set up (which I think Locriani is working on), you'll want to use that, of course, but not now.
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.

DwarfToys

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #10 on: July 17, 2018, 02:05:38 pm »

Yeah,  I don't consider this a site issue really because it is hard to make it happen normally.  I was just pointing out that an expired cert is there, but you have to go looking for it.  :P
Logged

lethosor

  • Bay Watcher
    • View Profile
Re: Anyone else getting insecure Firefox connections?
« Reply #11 on: July 17, 2018, 11:16:32 pm »

We're not using HTTPS, so we don't need a valid certificate right now. I'm honestly surprised it lasted this long, assuming the May 1, 2018 date is correct.
Logged
DFHack - Dwarf Manipulator (Lua) - DF Wiki talk

There was a typo in the siegers' campfire code. When the fires went out, so did the game.