Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Can we get SSL?
#1
I don't trust my connection and I prefer that the sites I log in support SSL. If money is a problem you can use Let's Encrypt.
Reply
#2
CloudFlare is a thing
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
Reply
#3
CloudFlare is my biggest enemy, I hate it and its constant requests for filling a captcha every 5 minutes. I honestly prefer Let's Encrypt.
Reply
#4
Yea, im surprised ax6 hasnt jumped aboard the LetsEncrypt ship like everyone else
Nintendo hacker / Engineer
Reply
#5
(2016-07-21 21:11:52)z Wrote: CloudFlare is my biggest enemy, I hate it and its constant requests for filling a captcha every 5 minutes. I honestly prefer Let's Encrypt.
Its a settings... I use CloudFlare on PR3 and I have turned it off. Its disabled by default anyways.
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
[-] The following 2 users say Thank You to isokissa3 for this post:
  • z, Zelante
Reply
#6
(2016-07-21 21:15:11)isokissa3 Wrote:
(2016-07-21 21:11:52)z Wrote: CloudFlare is my biggest enemy, I hate it and its constant requests for filling a captcha every 5 minutes. I honestly prefer Let's Encrypt.
Its a settings... I use CloudFlare on PR3 and I have turned it off. Its disabled by default anyways.

I suspected that but my previous forum must had it at "paranoid" settings, it was very annoying. If it never asks for a captcha and provides SSL I think it's a better idea than Let's Encrypt.
Reply
#7
(2016-07-21 21:17:23)z Wrote:
(2016-07-21 21:15:11)isokissa3 Wrote:
(2016-07-21 21:11:52)z Wrote: CloudFlare is my biggest enemy, I hate it and its constant requests for filling a captcha every 5 minutes. I honestly prefer Let's Encrypt.
Its a settings... I use CloudFlare on PR3 and I have turned it off. Its disabled by default anyways.
I suspected that but my previous forum must had it at "paranoid" settings, it was very annoying. If it never asks for a captcha and provides SSL I think it's a better idea than Let's Encrypt.
It kinda prevents DoS and helps fight agains bots
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
Reply
#8
(2016-07-21 21:18:32)isokissa3 Wrote:
(2016-07-21 21:17:23)z Wrote:
(2016-07-21 21:15:11)isokissa3 Wrote: Its a settings... I use CloudFlare on PR3 and I have turned it off. Its disabled by default anyways.
I suspected that but my previous forum must had it at "paranoid" settings, it was very annoying. If it never asks for a captcha and provides SSL I think it's a better idea than Let's Encrypt.
It kinda prevents DoS and helps fight agains bots

The problem is that all Tor users get detected as bots depending on your configuration so they get a captcha every 5 minutes.
[-] The following 1 user says Thank You to z for this post:
  • Zelante
Reply
#9
1) CloudFlare has nothing to do with SSL and more to do with DDoS protection. Comparing CloudFlare to Let's Encrypt is like comparing a keyboard to a wall.

2) I could get a certificate. The reason why I haven't is mostly related to administration time, and to the fact that the server is quite burdened already.

3) We don't have a bot issue due to the fact that accounts are approved manually.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
[-] The following 2 users say Thank You to aaaaaa123456789 for this post:
  • AN|0N, Zelante
Reply
#10
(2016-07-22 03:57:40)aaaaaa123456789 Wrote: 1) CloudFlare has nothing to do with SSL and more to do with DDoS protection. Comparing CloudFlare to Let's Encrypt is like comparing a keyboard to a wall. 2) I could get a certificate. The reason why I haven't is mostly related to administration time, and to the fact that the server is quite burdened already. 3) We don't have a bot issue due to the fact that accounts are approved manually.
CloudFlare provides you free SSL and they try patch new exploits Smile

Example (Kinda not "new"): https://blog.cloudflare.com/cloudflare-s...m-httpoxy/
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
Reply
#11
(2016-07-22 08:33:53)isokissa3 Wrote: CloudFlare provides you free SSL

CloudFlare provides me nothing; they are just an SSL terminator like any other proxy, but their connection with my servers will be cleartext just as it is right now.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
[-] The following 1 user says Thank You to aaaaaa123456789 for this post:
  • AN|0N
Reply
#12
(2016-07-22 09:41:38)aaaaaa123456789 Wrote:
(2016-07-22 08:33:53)isokissa3 Wrote: CloudFlare provides you free SSL
CloudFlare provides me nothing; they are just an SSL terminator like any other proxy, but their connection with my servers will be cleartext just as it is right now.
Yeah but Client <-> Proxy data is encrypted and as cleartext at your end it doesn't require beter server Smile
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
Reply
#13
So what's the benefit of encrypting half the tunnel, if the data can be captured in the other half anyway?
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
Reply
#14
(2016-07-22 13:02:26)aaaaaa123456789 Wrote: So what's the benefit of encrypting half the tunnel, if the data can be captured in the other half anyway?
If u don't have any viruses all is OK?!? Big Grin

Adn wait, don't cloudflare encrypt it to your server too..? At least I had to setup SSL to my server to make it work (self signed ofc).
Remember check out my project! http://forums.acidch.at/showthread.php?tid=115

(2015-08-19 09:19:53)aaaaaa123456789 Wrote: My next username will be ax6'); DROP DATABASE; --

If you do enjoy minecraft content try out this: https://www.youtube.com/playlist?list=PL...o57OGMOdCU
Reply
#15
If CloudFlare can encrypt the connection to your server, that means that your server already has SSL... which in turn means that CloudFlare cannot be providing it, since you already have it.

Stop reciting marketing speeches; those companies sell a lot of smoke.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
[-] The following 3 users say Thank You to aaaaaa123456789 for this post:
  • AN|0N, Pandoras Fox, Zelante
Reply
#16
(2016-07-22 03:57:40)aaaaaa123456789 Wrote: 2) I could get a certificate. The reason why I haven't is mostly related to administration time, and to the fact that the server is quite burdened already.

Most ssl solutions have a neglible overhead at this point
h
[-] The following 1 user says Thank You to Pandoras Fox for this post:
  • AN|0N
Reply
#17
(2016-07-23 02:35:30)Pandoras Fox Wrote:
(2016-07-22 03:57:40)aaaaaa123456789 Wrote: 2) I could get a certificate. The reason why I haven't is mostly related to administration time, and to the fact that the server is quite burdened already.

Most ssl solutions have a neglible overhead at this point

Yeah, indeed, if the SSL is going to break the server, the server is kinda fucked...
Reply
#18
I've been having to troubleshoot the server suddenly getting spikes of load (a few days I saw the server load hit 20, wtf). I know something must be misconfigured, but honestly I didn't have the time to actually find out what's going on.

I'll look into this when I have the time, but I said, the reason why I haven't done it is the time it takes, which I haven't had. Same with many other fixes. This semester has been quite rough on me, sadly.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
Reply
#19
I had a good laugh reading this thread, have never seen cloudflare compared to something non sequitur before this. Wonders never cease.
Reply
#20
I have a new ish server I'm moving some stuff to, so the longer term plan should relieve enough load on the server to easily allow SSL. Will probably take a while to configure (and I'll probably end up with LetsEncrypt), but I think it is quite reasonable to put on the longer term feature list. If ax6 doesn't have enough time to do it I might at some point.

Also, re the cloudflare points above, a reverse proxied ssl client<>ssl cloudflare<>plaintext server connection would still be more secure by quite a bit than current, as you can avoid man in the middle attacks near the client side, as well as eavesdropping on open networks. Doing backbone traffic snooping is more an NSA thing, which I don't think we have to worry about too much.
Reply




Users browsing this thread: 1 Guest(s)