Welcome, guest! Please login or register.

    Author Topic: Mandatory HTTPS!  (Read 4521 times)

    0 Members and 1 Guest are viewing this topic.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #40 on: November 01, 2015, 03:41:13 PM »
    rofl

    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #41 on: November 01, 2015, 06:29:00 PM »
    this conversation

    OfflineMoparisthebest

    Re: Mandatory HTTPS!
    « Reply #42 on: November 02, 2015, 07:16:10 AM »
    As far as I can tell, there aren't any downsides, and it's a good fallback if for some reason we have a cert problem and everyone wont be able to view the site because "THIS CONNECTION IS UNTRUSTED"

    Actually new Firefox, and soon if not already Chrome and then inevitably other browsers now show a big "THIS CONNECTION IS UNTRUSTED" warning on http. :)  That was actually one of the many reasons to do this.
    Do you have a source for that? I believe that is incorrect. AFAIK that warning shows when you attempt to use https and the site has an invalid cert. I use the latest firefox and never get that warning on http.

    I couldn't find a link about firefox doing this, but someone in IRC showed me a screenshot of the latest firefox beta showing this warning on moparscape.org, so I know it's planned at least.

    I like being able to cache my webpages. My internet is slow as it is especially in my area, having to always load the page isn't really something I'd fancy.

    Security over performance, in my case I'd prefer performance.

    Actually HTTPS is faster, due to being able to use SPDY 2/3 instead of HTTP/1.1 on this server, and soon I'll offer HTTP/2 as well (again only over https).  Of course you need a browser that supports those, but any chrome or firefox from the last few years will do.  Also as others have pointed out, http/https cache semantics are identical.
    forum.moparisthebest.com
    You can have my gun when you pry it from my cold, dead hands.
    Linux users, we do it in the open.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #43 on: November 03, 2015, 10:25:03 AM »
    in seriousness, I posted that test so that we could quantify the difference in http/https performance for people having performance problems. because nothing is going to get fixed if we keep saying HTTPS IS FASTR THAN HTTP or HTTP IS FASTER THAN HTTPS. if anyone has a better test then go ahead and post it.

    OfflineMoparisthebest

    Re: Mandatory HTTPS!
    « Reply #44 on: November 03, 2015, 12:37:59 PM »
    A standard apt-get upgrade pulled in a new minor release of nginx, which for some reason removed spdy and replaced it with http2, so now we have full http2 support for free.

    Enjoy!
    forum.moparisthebest.com
    You can have my gun when you pry it from my cold, dead hands.
    Linux users, we do it in the open.

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,799
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #45 on: November 03, 2015, 05:59:59 PM »
    but my browser doesn't support nginx  :confused::confused::confused::confused::confused:

    OfflineLothy

    • Member
    • ****
    • *
    • *
    • Posts: 7,005
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #46 on: November 04, 2015, 12:06:01 AM »
    but my browser doesn't support nginx  :confused::confused::confused::confused::confused:
    Yeah well my network doesn't support networking   :confused::confused::confused::confused::confused:
    <&Speljohan_> i wouldnt want to live in a society where Mopman isnt monitored 24/7

    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #47 on: November 04, 2015, 12:57:45 AM »
    you guys are quality memers

    OfflineTom

    • hi
    • Administrator
    • *****
    • *
    • Posts: 5,918
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #48 on: November 04, 2015, 10:12:43 AM »
    A standard apt-get upgrade pulled in a new minor release of nginx, which for some reason removed spdy and replaced it with http2, so now we have full http2 support for free.

    Enjoy!

    That's some proper exciting news, thanks mopar, I knew waiting 12 years for you to do something would pay off. :D

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,362
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #49 on: November 04, 2015, 10:45:22 PM »
    I couldn't find a link about firefox doing this, but someone in IRC showed me a screenshot of the latest firefox beta showing this warning on moparscape.org, so I know it's planned at least.
    As far as I can see, the warning shows when using mixed-mode HTTPS, assuming he was referring to the Firefox update that went out in the last couple days. HTTP still doesn't have a warning AFAIK

    As of my firefox update today I did get new things:
    HTTP:
    Mixed-mode HTTPS:
    Fully-secured HTTPS:


    If that second picture looks like what he showed you, it might've been that there were images on the MPSC page he was looking at that weren't using https. I get that warning still on MPSC even with the enforced HTTPS now that I've linked puush screenshots which isnt using SSL (second picture)
    « Last Edit: November 05, 2015, 02:44:45 PM by Davidi2 »

    OfflineBowser jr

    • Member
    • ****
    • Posts: 6,002
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #50 on: November 05, 2015, 01:03:11 PM »
    Because speed is important on Moparscape.

    And I get no conclusive results from HTTPvsHTTPS
    « Last Edit: November 05, 2015, 01:05:56 PM by Bowser jr »

    OfflinePwnd

    • pround player of moparscape.org
    • Member
    • ****
    • *
    • *
    • Posts: 8,553
    • Thanks: +0/-0
      • View Profile
      • Pwnd's Arcade
    Re: Mandatory HTTPS!
    « Reply #51 on: November 05, 2015, 10:36:49 PM »
    This topic should be locked.
    [ +lawl ] web dev more like pleb dev

     


    Users found this pages searching for:

    Copyright © 2016/17 MoparScape. All rights reserved.