OSDev.org

All times are UTC - 6 hours




 Post subject: Re: TLS for OSDev Website?
PostPosted: Sun Oct 16, 2016 11:54 pm 

Joined: Wed Jul 13, 2011 7:38 pm
Posts: 487
Location: Victoria, Canada
Hey, here's a cool thing -- I've worked with numerous PHP applications that sh!t the bed if you convert them from HTTP to HTTPS.

Also, I'm a network engineer. I deal with OSI and TCP/IP stack crap daily and get paid for it. I know what I'm talking about.

_________________
The good thing about Unix is when it screws up, it does so very quickly.


 
 Post subject: Re: TLS for OSDev Website?
PostPosted: Mon Oct 17, 2016 12:27 am 

Joined: Sat Mar 01, 2014 2:59 pm
Posts: 1069
It's still not that hard. In fact that's not even required, just recommended (as it prevents users from accidentally sending their existing authentication cookies over HTTP).

_________________
When you start writing an OS you do the minimum possible to get the x86 processor in a usable state, then you try to get as far away from it as possible.

Syntax checkup:
Wrong: OS's, IRQ's, zero'ing
Right: OSes, IRQs, zeroing


 
 Post subject: Re: TLS for OSDev Website?
PostPosted: Wed Jan 25, 2017 12:42 am 

Joined: Thu Oct 06, 2016 10:08 am
Posts: 2
I actually forgot about this until I just saw that another service I use has the same issue, but to answer your concern, Kazinsal: while I don't doubt you have used a lot of PHP applications that would lose it if they had TLS implemented into them, I do know for a fact that one can use nginx to implement a proxy to any web-based server. Last year, I tested this when I created my own personal certificate authority and loaded up a Jekyll server over nginx on localhost. Jekyll has no knowledge about anything that is going on with encryption and gets the same headers as usual. An example I have just loaded for this post is located at https://pastebin.com/hEsV08Sn. The PHP server itself will never know the difference. Proof of this is a sample capture I took when loading https://duckduckgo.com/ on Firefox. The capture is located at https://pastebin.com/Yx2fW64G.


 
 Post subject: Re: TLS for OSDev Website?
PostPosted: Wed Jan 25, 2017 1:28 am 

Joined: Thu Jul 12, 2012 7:29 am
Posts: 621
Location: Tallinn, Estonia
Kazinsal wrote:
Adding TLS to old non-TLS software such as phpBB is not as simple as flicking a magic switch even with things like Let's Encrypt.


It's exactly that simple - you tell the reverse proxy to accept only https connections and add a server cert (or let letsencrypt install it), and that is exactly all that is needed, phpBB or not.

Are you sure you're a network engineer?

_________________
Learn to read.
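
Editor's added example, not taken from any post in this thread or from the linked pastes: a minimal nginx configuration for the setup the last two posts describe, where the reverse proxy terminates TLS and the unmodified web application behind it keeps speaking plain HTTP. The hostname forum.example.org, the backend address 127.0.0.1:8080 and the certificate paths are assumptions.

```nginx
# Added example. Hostname, backend port and certificate paths are assumed.

# Port 80 serves no content: every request is redirected to HTTPS,
# so the proxy effectively accepts only https connections.
server {
    listen 80;
    server_name forum.example.org;
    return 301 https://$host$request_uri;
}

# Port 443: nginx terminates TLS and forwards plain HTTP to the backend.
server {
    listen 443 ssl;
    server_name forum.example.org;

    # Server certificate and key (certbot's usual layout, assumed here).
    ssl_certificate     /etc/letsencrypt/live/forum.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.example.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # HSTS: browsers that have seen this header stop trying plain HTTP,
    # so session cookies are not sent in the clear by accident.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # The backend sees an ordinary HTTP request on the loopback interface.
        proxy_pass http://127.0.0.1:8080;

        # Pass on what the client actually asked for, so the application
        # can log real addresses and learn the public scheme was https.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The backend should listen only on the loopback address so it cannot be reached without going through the TLS listener. An application that builds absolute URLs or sets its own cookies still has to be configured with its public https address, otherwise it can emit http:// links or cookies without the Secure flag.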

