Full Games List
Featured Games
New Games
Reviews
Media
Images
Blogs
Game Updates
Images Feedback Summary
Game Design Highlights
Tutorials
Articles
Scripts
Utilities / Plugins
Resources
Engines
Engine Bulletins
What is Makerscore?
Past Events
Achievements
Misaos
Forums
Post History
Chat
New to RMN?
Full Store List
RMN Music Pack (free)
RMN AND SSL (HTTPS)
Posts
Pages:
1
ankylo
View playlists
CloseSometime in the next few weeks, I plan to start making RMN an https only site. Requests to http://rpgmaker.net will automatically be redirected to https://rpgmaker.net.
When this change happens the site will not support SSLv2, SSLv3, or TLS versions below 1.2. SSLv2 is pretty old and hasn't been supported in browsers since the mid 90's. SSLv3 was disabled by default in many modern browsers after the POODLE attack.
You can learn whether or not your browser supports TLS v1.2 here:
https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
We'll be getting our certificates from the Let's Encrypt project. These certs are pretty new, but should be trusted in all major modern browsers. You can visit this site: https://letsencrypt.daylightpirates.org/ to see whether or not your browser trusts / supports Let's Encrypt certs. If you get a green lock (or whatever else your browser does) next to the URL in the address bar, then you are probably good to go.
If anyone has any issues with this change, please let me know!
When this change happens the site will not support SSLv2, SSLv3, or TLS versions below 1.2. SSLv2 is pretty old and hasn't been supported in browsers since the mid 90's. SSLv3 was disabled by default in many modern browsers after the POODLE attack.
You can learn whether or not your browser supports TLS v1.2 here:
https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers
We'll be getting our certificates from the Let's Encrypt project. These certs are pretty new, but should be trusted in all major modern browsers. You can visit this site: https://letsencrypt.daylightpirates.org/ to see whether or not your browser trusts / supports Let's Encrypt certs. If you get a green lock (or whatever else your browser does) next to the URL in the address bar, then you are probably good to go.
If anyone has any issues with this change, please let me know!
NTC3
5625
Woah, we are actually doing this?! Well, you know I've pushed for it before, but I didn't really expect this to happen until next year or so. Anyway, great work!
Is this really a good idea? While RMN's server's are much better than they used to be, it still takes awhile to fill a request.
Seriously every time I see POODLE attack I think this.
On the serious side, my browser is set and ready to go. Thanks for the heads up Anky.
On the serious side, my browser is set and ready to go. Thanks for the heads up Anky.
I'm not 100% sure what this means.
Is it like, more secure servers that are resistant to malicious internet attack or something?
Is it like, more secure servers that are resistant to malicious internet attack or something?
NTC3
5625
It's not the server security per se but the connection security. SSL basically verifies the connection between website and the computer, and more-or-less prevents the insertion of various Trojans and other spyware by third parties in between, which can easily happen on normal sites. It's not about protecting server but protecting you.
Having said that, there's a notable benefit to the website to this as well; search engine algorithms are already being taught to upgrade HTTPS websites in their page ranks, and this is going to become more prominent over time. Getting a little boost like this certainly wouldn't go amiss.
Having said that, there's a notable benefit to the website to this as well; search engine algorithms are already being taught to upgrade HTTPS websites in their page ranks, and this is going to become more prominent over time. Getting a little boost like this certainly wouldn't go amiss.
fdelapena
180
+1
This is a must. I'm using HTTPS last years and it is really worth.
ps: Don't forget to support OCSP stapling for server performance saving. This SSL Configuration Generator is worth to follow. We used it also to get better SSL server results with some additional tweaks to use 256-bit ciphers only and HPKP.
This is a must. I'm using HTTPS last years and it is really worth.
ps: Don't forget to support OCSP stapling for server performance saving. This SSL Configuration Generator is worth to follow. We used it also to get better SSL server results with some additional tweaks to use 256-bit ciphers only and HPKP.
Is there anything in the works to not allow insecure avatar URLs? Looks like that'd be the last step in getting a fully secure page load.
author=WIP
Is there anything in the works to not allow insecure avatar URLs? Looks like that'd be the last step in getting a fully secure page load.
Yes. I've thought about only allowing avatars from lockers, or giving users avatar space on the site as that feels the most secure, but at the very least could require https for all new avatars.
Pages:
1
