LugerForum Discussion Forums - View Single Post

mrerick · 12-26-2015, 05:29 PM

I assume that the Fox article was discussing the use of SSL over HTTP. That is public key cryptography for all the session communications. It prevents things like passwords being sent from the browser to the server in the clear.

Lugerforum is being served over the standard port ":80" in the clear HTTP protocol.

No server responds when you try and access it through the secured SSL port ":443" HTTPS encrypted protocol.

Example:

https://lugerforum.com

Assuming he hasn't done it, in order to support SSL encrypted sessions, the server that John runs vBulletin the BBS software on will have to get it's own security certificate, and start supporting SSL.

There is a discussion over at the vBulletin site, but it's not a trivial change:

http://www.vbulletin.com/forum/forum...https-question

It would also probably involve migrating to a newer version of vBulletin and the underlying PHP platform that fixed some issues...

https://www.vbulletin.org/forum/showthread.php?t=274711

So...

I run a server out of my home that is SSL enabled, and that forces SSL usage. It uses a self signed certificate (which is free - but which causes problems since it doesn't trace to a certificate authority). The services I run are designed to require SSL (https://) which takes much of the work out of configuring things.

The issue for Lugerforum must boil down to how much the admins can put into upgrading vBulletin and then configuring and testing the platform for SSL. That is a bit of work!

Marc

12-26-2015, 05:29 PM	#3
mrerick Super Moderator - Patron LugerForum Life Patron Join Date: Dec 2009 Location: Eastern North Carolina, USA Posts: 3,925 Thanks: 1,377 Thanked 3,140 Times in 1,520 Posts	I assume that the Fox article was discussing the use of SSL over HTTP. That is public key cryptography for all the session communications. It prevents things like passwords being sent from the browser to the server in the clear. Lugerforum is being served over the standard port ":80" in the clear HTTP protocol. No server responds when you try and access it through the secured SSL port ":443" HTTPS encrypted protocol. Example: https://lugerforum.com Assuming he hasn't done it, in order to support SSL encrypted sessions, the server that John runs vBulletin the BBS software on will have to get it's own security certificate, and start supporting SSL. There is a discussion over at the vBulletin site, but it's not a trivial change: http://www.vbulletin.com/forum/forum...https-question It would also probably involve migrating to a newer version of vBulletin and the underlying PHP platform that fixed some issues... https://www.vbulletin.org/forum/showthread.php?t=274711 So... I run a server out of my home that is SSL enabled, and that forces SSL usage. It uses a self signed certificate (which is free - but which causes problems since it doesn't trace to a certificate authority). The services I run are designed to require SSL (https://) which takes much of the work out of configuring things. The issue for Lugerforum must boil down to how much the admins can put into upgrading vBulletin and then configuring and testing the platform for SSL. That is a bit of work! Marc __________________ Igitur si vis pacem, para bellum - - Therefore if you want peace, prepare for war.