People having trouble accessing the site
- Thread starter Pixel
- Start date
Jason Tandro
Banned
- AKA
- Jason Tandro, Doc Brown, Santa Christ, FearAddict, Thibault Stormrunner, RN: Micah Rodney
Best I can offer is from Google Knowledgebase. I figure this is gonna be something that some of the tech smart people need to answer, but for reference here it is:
https://productforums.google.com/forum/#!msg/chrome/-WxP9tKE2vA/JhOGPq1wbVgJ
https://productforums.google.com/forum/#!msg/chrome/-WxP9tKE2vA/JhOGPq1wbVgJ
Kionae
Pro Adventurer
- AKA
- Desha
I came across this. It looks to be an issue with the cipher suites used in the server config for ssl.
Here's a nice tool that tests and gradesyour ssl setup. We're scoring a B at present.
Here's a nice tool that tests and gradesyour ssl setup. We're scoring a B at present.
Flintlock
Pro Adventurer
We've known about the issue since Flailthroughs reported it 11 days ago. Yop said he'd look into a fix/workaround but I'm not sure if he was able to find one.
In the meantime you can recommend people update their browsers. If they're not able to do that because they're on a very old operating system like Windows XP or the version of Mac OS that person mentioned in their message, they should really update that, but that might not be feasible for everyone, so I guess just tell them that we're aware of the issue and politely ask them to sit tight while we work on it.
In the meantime you can recommend people update their browsers. If they're not able to do that because they're on a very old operating system like Windows XP or the version of Mac OS that person mentioned in their message, they should really update that, but that might not be feasible for everyone, so I guess just tell them that we're aware of the issue and politely ask them to sit tight while we work on it.
Cthulhu
Administrator
- AKA
- Yop
I'm surprised you can still access TLS, then 
I mean again I could disable the forced HTTPS redirect, but that kinda defeats the purpose of having HTTPS in the first place. Newer versions of Chrome will also give a warning on the TLS pages with a login screen if you access then via an unsecured connection.
so, disable forced HTTPS usage y/n?
I mean again I could disable the forced HTTPS redirect, but that kinda defeats the purpose of having HTTPS in the first place. Newer versions of Chrome will also give a warning on the TLS pages with a login screen if you access then via an unsecured connection.
so, disable forced HTTPS usage y/n?
Cthulhu
Administrator
- AKA
- Yop
Probably tune their webserver so it'll accept older (weaker, proven-to-be-insecure) encryption algorithms, such as SHA-1 which was broken recently (and already deprecated in 2005 or so).
Off course, it doesn't really matter how secure your shit was if you ran it through Cloudflare, which, as turned out recently, had a memory leak in their reverse proxy causing secure data from sites including e.g. private keys to leak out to the public.
it's all shit. I can turn the security down a bit if it really does impact that many people, but, only 54% of TLS visitors in the past year used Windows, and of those only 2% used XP. That's about 1700 sessions out of 156K.
Off course, it doesn't really matter how secure your shit was if you ran it through Cloudflare, which, as turned out recently, had a memory leak in their reverse proxy causing secure data from sites including e.g. private keys to leak out to the public.
it's all shit
. I can turn the security down a bit if it really does impact that many people, but, only 54% of TLS visitors in the past year used Windows, and of those only 2% used XP. That's about 1700 sessions out of 156K.
Flintlock
Pro Adventurer
Are we on the free Cloudflare plan? Their paid plans include SHA-1 fallback for older browsers (link) but I can't see it being worth $240 a year to upgrade if we're on the free plan at the moment.
If it comes down to a choice between reducing security for 99% of our visitors and telling the remaining 1% to upgrade their browsers, I'm with the 99%.
If it comes down to a choice between reducing security for 99% of our visitors and telling the remaining 1% to upgrade their browsers, I'm with the 99%.
Octo
KULT OF KERMITU
- AKA
- Octo, Octorawk, Clarky Cat, Kissmammal2000
What kind of security shit tho like? I mean, I've only ever got malware and shit from downloading random stuff when I was less intelligent.
I have no idea of these things, but what could possibleye happen? Are there hackers out there who are going to be like 'wow this person is on XP still they must be loaded! Lets hack them and steal their bank details because that is bound to be a worthwhile endeavour and totally not a complete waste of fucking time'
Or are there?
I have no idea of these things, but what could possibleye happen? Are there hackers out there who are going to be like 'wow this person is on XP still they must be loaded! Lets hack them and steal their bank details because that is bound to be a worthwhile endeavour and totally not a complete waste of fucking time'
Or are there?
Cthulhu
Administrator
- AKA
- Yop
Encrypting the connection between TLS and your computer, which prevents snooping and things like intercepting passwords. For TLS I guess it's not that critical for the average user or just a reader though, especially if they don't have an account.
re: Cloudflare, I did set it up for TLS for a while, but since it acts as a proxy it caused IP bans and IP address tracking to become useless. I didn't do any measurements re: performance etc though. Also that link I posted earlier refers to an issue with cloudflare when it comes to security - downloading webpages went through two hops, server to CF, CF to user, and it seems content wasn't encrypted or something while it went through CF, which due to a memory bug caused content from site A to end up on site B, which was then stored in e.g. google caches. Interesting problem, that. Not something we should be too worried about if we were affected I think, but still. Anyway, I should be able to lower security settings myself, wouldn't need a 3rd party in the middle for that - although measuring whether adding CF again improves performance and user engagement etc is still something to try out again. Although I'm pretty sure we can start out with some of our own performance improvements.
re: Cloudflare, I did set it up for TLS for a while, but since it acts as a proxy it caused IP bans and IP address tracking to become useless. I didn't do any measurements re: performance etc though. Also that link I posted earlier refers to an issue with cloudflare when it comes to security - downloading webpages went through two hops, server to CF, CF to user, and it seems content wasn't encrypted or something while it went through CF, which due to a memory bug caused content from site A to end up on site B, which was then stored in e.g. google caches. Interesting problem, that. Not something we should be too worried about if we were affected I think, but still. Anyway, I should be able to lower security settings myself, wouldn't need a 3rd party in the middle for that - although measuring whether adding CF again improves performance and user engagement etc is still something to try out again. Although I'm pretty sure we can start out with some of our own performance improvements.
Mage
She/They
- AKA
- Mage
Not sure if right thread or not but here goes: I have an iPhone 4 and tried to log in earlier using the standard Safari shizzle. I put in my log in stuff, hit go and got an error message saying words to the effect of 'could not connect to the server'. This has happened a few times and if I refresh that usually sorts it, but today it wasn't playing ball and refresh was taking me to the forum homepage with me logged out. Is it just me or is there a bug?
Channy
Bad Habit
- AKA
- Ruby Rose, Lucy
Well there's your problem.
Mage
She/They
- AKA
- Mage
I have a SIM-only contract and I'm not about to start pissing away money on an all-singing model when my last phone was a Galaxy Ace with no apps DL'd in the entirety of my ownership of it. I do most of my internet shizzle via laptop still since I work in the dirt all day.
I digress. iOS version 9.3.5, have no fecking clue which version of Safari it is. I imagine it involves antelopes though.
I digress. iOS version 9.3.5, have no fecking clue which version of Safari it is. I imagine it involves antelopes though.