mitsos Posted May 1, 2014 Report Share Posted May 1, 2014 Since I didn't see a forum related to the forum (no pun intended) I'm posting this here. Please set up redirect/rewrite for the forum to point to https. People arriving here and clicking the sign in button don't realise that the connection isn't encrypted. Even when on the https site though, the signing in triggers a "to be sent over unencrypted etc...etc..." error. In other words, please enable all HTTPS for the forum, no regular version. Defense against this being that it will impose a higher load on the server, are, IMHO, not valid, since the load is minimal. Thank you Quote Link to comment Share on other sites More sharing options...
Paul Posted May 1, 2014 Report Share Posted May 1, 2014 Thanks for the suggestion, I'll take a look at this shortly. When you use HTTPS it complains about some resources that link directly to http, so I need to figure out what's going on there first. Quote Link to comment Share on other sites More sharing options...
mitsos Posted May 2, 2014 Author Report Share Posted May 2, 2014 Linking something with http when using https shouldn't be a problem, since only that is left unencrypted. From a performance viewpoint, I found that the performance impact is so minimal, I always set up http > https redirects when a customer of mine orders an SSL certificate for his/her site. Quote Link to comment Share on other sites More sharing options...
S-Jack Posted May 3, 2014 Report Share Posted May 3, 2014 Thanks for the suggestion, I'll take a look at this shortly. When you use HTTPS it complains about some resources that link directly to http, so I need to figure out what's going on there first. The logo is one of them the actual link for it is "http://staging.blesta.com/forums/public/style_images/1_blesta-logo-ipboard.png" not https://www.blesta.com/forums/ or something Quote Link to comment Share on other sites More sharing options...
John Posted April 18, 2016 Report Share Posted April 18, 2016 I know this is a major topic bump, but SSL has not been implemented on the forum yet. Can we get it implemented sometime soon? Especially since we are sending usernames and passwords over an unencrypted connection. It does not even need to be forced, just an option for those of us who want it. Quote Link to comment Share on other sites More sharing options...
Paul Posted April 18, 2016 Report Share Posted April 18, 2016 I know this is a major topic bump, but SSL has not been implemented on the forum yet. Can we get it implemented sometime soon? Especially since we are sending usernames and passwords over an unencrypted connection. It does not even need to be forced, just an option for those of us who want it. We will be deploying a new server with a new website in the v4.0 timeline and forcing HTTPS for all connections. It's an issue currently with the existing website, and the current server. Soon John and Michael 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.