Secure website upgrade

Tell us about your wildest feature dreams. Or just harmless suggestions for improvement.
Post Reply
User avatar
FineWine
Site Admin
Posts: 907
Joined: Wed May 28, 2008 2:41 am
Location: Tauranga, New Zealand

Secure website upgrade

Post by FineWine »

Will Bruji be switching over to the latest security encrypted website design (https) using the latest security certificates?

I can see a time when Browsers will not load anything but https sites. There are just to many baddies out there; key-loggers, ransomeware, spyware, malware and the list goes on.

Cheers
User avatar
Conor
Top Dog
Posts: 5346
Joined: Sat Jul 03, 2004 12:58 pm
Contact:

Re: Secure website upgrade

Post by Conor »

We have to update the SHA-1 certificate. Although SSL and https is indeed running Safari won't show the lock icon for SHA-1 certificates, as theoretically speaking SHA-1 algorithm can be comprises with some extreme arithmetic. Although it expires in September I'll likely do the renewal sooner. As you mention the internet is full of dangers and although nothing critical is on website, it's still nicer to have full SSL security.
User avatar
Conor
Top Dog
Posts: 5346
Joined: Sat Jul 03, 2004 12:58 pm
Contact:

Re: Secure website upgrade

Post by Conor »

SHA-1 has been reissued and replaced everywhere with SHA256. No more warnings. :D :)

Doghouse is still serving the cover images via HTTP from our content delivery network that is distributed. I'll update that soon, so that they are also delivered securely, even though they are only images, so that there is a full lock icon in Chrome and Safari.
User avatar
FineWine
Site Admin
Posts: 907
Joined: Wed May 28, 2008 2:41 am
Location: Tauranga, New Zealand

Re: Secure website upgrade

Post by FineWine »

Interesting - you are not showing https lock icon in either Safari 10.1 or Firefox 52.0.2 running on macOS 10.12.4
User avatar
Conor
Top Dog
Posts: 5346
Joined: Sat Jul 03, 2004 12:58 pm
Contact:

Re: Secure website upgrade

Post by Conor »

As of now all locations (including doghouse.bruji.com — I updated the image source to a non Bruji domain, that I can secure with the CDN) should be showing lock icons. Do click on URL bar and copy paste the URL to me, so that I can test it if you are not seeing it. They simply might be loading as http, if not redirected.
User avatar
FineWine
Site Admin
Posts: 907
Joined: Wed May 28, 2008 2:41 am
Location: Tauranga, New Zealand

Re: Secure website upgrade

Post by FineWine »

http://www.bruji.com/index.html
http://www.bruji.com/support.php
http://www.bruji.com/forum/
http://bruji.com/extras/
BUT
https://store5.esellerate.net/store/che ... atalog.htm

I tested all the menus, top and bottom of site (sample above) and the only https is the 'Buy' in Safari & Firefox.
In Firefox the technical information reads: Connection Not Encrypted. The website bruji.com does not support encryption for the page you are viewing.
User avatar
Nora
Site Admin
Posts: 2155
Joined: Sun Jul 04, 2004 5:03 am
Contact:

Re: Secure website upgrade

Post by Nora »

Changed any hard coded http: links. Now once https is set, it should stay enabled.
Post Reply