Qbix wrote:

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Let's Encrypt?

edit: Yup. Nice. I've got a few websites I'm going to use this on when their certs expire later this year.

https://www.ssllabs.com/ssltest/analyze.html? … &hideResults=on
purrfectly done, only my bank does better(sometimes), congratulations 😀

Thank you for keeping this site on an old, fast engine and SSL-free (optional). It is one of very few remaining that open on old PCs and browsers.

Qbix wrote:

It is still in testing, but https://www.vogons.org is available.
Please let me know if you encounter a problem.

Thanks Qbix!!

So it seems Firefox is complaining the "Connection is not secure" on many pages. Seems to be caused by non-HTTPS connections being used for images in peoples footers.

just noticed as well, entering this thread causes to drop secure connection with opera

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

1//

so remove the

1http:

part.

Thanks for this.

For some added security you may want to add the following header:
X-Frame-Options: SAMEORIGIN

This will prevent any embedded, IFRAMES running.

You could also look into Content-Security-Policy header, but that one is a bit more complicated, esp since I see this site uses embedded javascript instead of linking to it in a .js file.

Qbix wrote:

Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

Copy code to clipboard

1//

so remove the

Copy code to clipboard

1http:

part.

Can something be added to auto apply such to peoples existing signatures. Expecting people to update them is likely problematic.

Qbix wrote:

Yeah it is caused by lightmasters signature. I think he would need to change the url to start with […]
Show full quote

Yeah it is caused by lightmasters signature.
I think he would need to change the url to start with

Copy code to clipboard

1//

so remove the

Copy code to clipboard

1http:

part.

Did try and didn't work, i'm sure i'ts my problem, pm me please.

It seems it doesn't work for the img tag 🙁
I have set your signature to https now, which works fine, but Ideally I'd like to get the other solution working as well. Although we can't do it for everything. The img hoster needs to support it as well. A perfect solution doesn't exist.

So the best I can offer is this:
If you use an image in your signature and the host of the image supports https, please change the link to use the https instead of http.

Thanks again Qbix!!

Sounds cool, but I can't use the HTTPS version of the site from Firefox 2.0 on Windows 98 FE. I get an error code. The regular version works perfectly fine, though this is the first time I'm trying it out.

Error establishing an encrypted connection to http://www.vogons.org. Error Code: -8092.

Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

Um, I didn't think Firefox 2.0 supported HTTPS, is that correct?

It did, but only older style encryption. Modern websites use TLS 1.1 and above. Anything else is considered insecure. Even 1.1 is being phased out I believe.

Thanks Mr. Qbix.

Consider running with HSTS and pinning. Older browsers that don't understand will happily use the insecure site, while newer browsers that support it can enforce the TLS version.

I just noticed https is now working by default. Has it been that way for awhile and I'm just now noticing?

I thought back in December https was on by default, but...
Every time I go to "vogons.org" and login, it defaults to the http page unless I manually type the https part. On my trusted PCs, it's not an issue, as lastpass logs me into the secure page. But I do access this site from public PCs on occasion.