VOGONS


HTTPS is available

Topic actions

First post, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Water flows down the stream
How to ask questions the smart way!

Reply 1 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t
Qbix wrote:

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Let's Encrypt?

edit: Yup. Nice. I've got a few websites I'm going to use this on when their certs expire later this year.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks

Reply 3 of 21, by j7n

User metadata
Rank Newbie
Rank
Newbie

Thank you for keeping this site on an old, fast engine and SSL-free (optional). It is one of very few remaining that open on old PCs and browsers.

Reply 4 of 21, by lightmaster

User metadata
Rank Oldbie
Rank
Oldbie
Qbix wrote:

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Thanks Qbix!!

25071588525_735097840e_b.jpg

Reply 6 of 21, by mrau

User metadata
Rank Oldbie
Rank
Oldbie

just noticed as well, entering this thread causes to drop secure connection with opera

Reply 7 of 21, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Water flows down the stream
How to ask questions the smart way!

Reply 8 of 21, by laxdragon

User metadata
Rank Member
Rank
Member

Thanks for this.

For some added security you may want to add the following header:
X-Frame-Options: SAMEORIGIN

This will prevent any embedded, IFRAMES running.

You could also look into Content-Security-Policy header, but that one is a bit more complicated, esp since I see this site uses embedded javascript instead of linking to it in a .js file.

laxDRAGON.com | My Game Collection | My Computers | YouTube

Reply 9 of 21, by kolano

User metadata
Rank Oldbie
Rank
Oldbie
Qbix wrote:
Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Can something be added to auto apply such to peoples existing signatures. Expecting people to update them is likely problematic.

Eyecandy: Turn your computer into an expensive lava lamp.

Reply 10 of 21, by lightmaster

User metadata
Rank Oldbie
Rank
Oldbie
Qbix wrote:
Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

//

so remove the

http:

part.

Did try and didn't work, i'm sure i'ts my problem, pm me please.

25071588525_735097840e_b.jpg

Reply 11 of 21, by Qbix

User metadata
Rank DOSBox Author
Rank
DOSBox Author

It seems it doesn't work for the img tag 🙁
I have set your signature to https now, which works fine, but Ideally I'd like to get the other solution working as well. Although we can't do it for everything. The img hoster needs to support it as well. A perfect solution doesn't exist.

So the best I can offer is this:
If you use an image in your signature and the host of the image supports https, please change the link to use the https instead of http.

Water flows down the stream
How to ask questions the smart way!

Reply 12 of 21, by lightmaster

User metadata
Rank Oldbie
Rank
Oldbie

Thanks again Qbix!!

25071588525_735097840e_b.jpg

Reply 13 of 21, by FFXIhealer

User metadata
Rank Oldbie
Rank
Oldbie

Sounds cool, but I can't use the HTTPS version of the site from Firefox 2.0 on Windows 98 FE. I get an error code. The regular version works perfectly fine, though this is the first time I'm trying it out.

Error establishing an encrypted connection to http://www.vogons.org. Error Code: -8092.

Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

292dps.png
3smzsb.png
0fvil8.png
lhbar1.png

Reply 14 of 21, by keenmaster486

User metadata
Rank l33t
Rank
l33t

Um, I didn't think Firefox 2.0 supported HTTPS, is that correct?

World's foremost 486 enjoyer.

Reply 15 of 21, by laxdragon

User metadata
Rank Member
Rank
Member

It did, but only older style encryption. Modern websites use TLS 1.1 and above. Anything else is considered insecure. Even 1.1 is being phased out I believe.

laxDRAGON.com | My Game Collection | My Computers | YouTube

Reply 16 of 21, by KurtHectic

User metadata
Rank Newbie
Rank
Newbie

Thanks Mr. Qbix.

W10: Phenom II X6 1090T@3.2GHz/6GB DDR3 1333/Radeon HD 6450 1GB DDR3
XP: *building* Athlon X2 6000/2GB DDR2 800/Geforce 7950GT 512MB
DOS/W98SE: PIII 550MHz/256MB PC100/Geforce FX 5200 128MB

Reply 17 of 21, by calvin

User metadata
Rank Member
Rank
Member

Consider running with HSTS and pinning. Older browsers that don't understand will happily use the insecure site, while newer browsers that support it can enforce the TLS version.

2xP2 450, 512 MB SDR, GeForce DDR, Asus P2B-D, Windows 2000
P3 866, 512 MB RDRAM, Radeon X1650, Dell Dimension XPS B866, Windows 7
M2 @ 250 MHz, 64 MB SDE, SiS5598, Compaq Presario 2286, Windows 98

Reply 18 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t

I just noticed https is now working by default. Has it been that way for awhile and I'm just now noticing?

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks

Reply 19 of 21, by clueless1

User metadata
Rank l33t
Rank
l33t

I thought back in December https was on by default, but...
Every time I go to "vogons.org" and login, it defaults to the http page unless I manually type the https part. On my trusted PCs, it's not an issue, as lastpass logs me into the secure page. But I do access this site from public PCs on occasion.

The more I learn, the more I realize how much I don't know.
OPL3 FM vs. Roland MT-32 vs. General MIDI DOS Game Comparison
Let's benchmark our systems with cache disabled
DOS PCI Graphics Card Benchmarks