Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
19th August 2017, 15:08 | #1 | Link |
German doom9/Gleitz SuMo
Join Date: Oct 2001
Location: Germany, rural Altmark
Posts: 6,784
|
Domain avisynth.nl unavailable via HTTPS
Who is actually the webmaster of the avisynth.nl domain?
The forum software of the German doom9/Gleitz board converts all HTTP links to HTTPS; so all links to https://avisynth.nl/index.php etc. lead to an outdated certificate. Some browsers warn of an insecure connection and discourage an exception, others display an error page in Dutch. Please forward and notify the responsible person. |
19th August 2017, 21:13 | #3 | Link |
German doom9/Gleitz SuMo
Join Date: Oct 2001
Location: Germany, rural Altmark
Posts: 6,784
|
The admin of the Gleitz forum is not the admin of avisynth.nl, though. And links in the Gleitz forum are just one possible example of a reason why someone might try to contact avisynth.nl via HTTPS.
|
19th August 2017, 21:21 | #4 | Link |
Registered User
Join Date: Dec 2005
Location: Germany
Posts: 1,795
|
So Gleitz "excludes" ~70% of the web just like that? There are tons of http only websites out there
__________________
AVSRepoGUI // VSRepoGUI - Package Manager for AviSynth // VapourSynth VapourSynth Portable FATPACK || VapourSynth Database |
19th August 2017, 21:35 | #5 | Link |
German doom9/Gleitz SuMo
Join Date: Oct 2001
Location: Germany, rural Altmark
Posts: 6,784
|
More and more websites switch to secure transport protocols on their own, instead. Like more and more software does not care anymore about compatibility with obsolete operating systems.
I only recommend the support of modern features, without a demand, for the advantage of the privacy-aware user, assuming that this support may be within the intentions of the domain owner. Now we are blamed for not being conservative. Why do you protect a flaw? Updating to a valid certificate won't lock out insecure connections. |
19th August 2017, 22:16 | #6 | Link | |
Software Developer
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,248
|
Quote:
This happens, e.g., when the same HTTP server is used to serve multiple domains, but the admin missed to configure a matching certificate for each of those domains. (The same certificate can match different domains – either by using wildcard DNS names or by writing several different DNS names into the Subject Alternative Name extension – but here it doesn't work out)
__________________
Go to https://standforukraine.com/ to find legitimate Ukrainian Charities 🇺🇦✊ Last edited by LoRd_MuldeR; 19th August 2017 at 22:38. |
|
19th August 2017, 23:15 | #7 | Link |
German doom9/Gleitz SuMo
Join Date: Oct 2001
Location: Germany, rural Altmark
Posts: 6,784
|
This happens for several domains, some I recently contacted were able to implement acceptable certificates (including my own hoster). "Let's Encrypt" appears to be involved increasingly.
|
20th August 2017, 00:38 | #8 | Link |
HeartlessS Usurer
Join Date: Dec 2009
Location: Over the rainbow
Posts: 10,980
|
I presume that this is related:- SSL Report: forum.doom9.org (213.112.23.71)
https://www.ssllabs.com/ssltest/anal...orum.doom9.org I always have problem on Android 2.3.7 (GingerBread) trying to connect to the D9. [EDIT: Just gotta change https to http] Just tried with XP IE8, same. Both in red in above SSL report. Also, think that Google always provides links with https nowadays.
__________________
I sometimes post sober. StainlessS@MediaFire ::: AND/OR ::: StainlessS@SendSpace "Some infinities are bigger than other infinities", but how many of them are infinitely bigger ??? Last edited by StainlessS; 20th August 2017 at 00:41. |
20th August 2017, 01:46 | #9 | Link | |
Excessively jovial fellow
Join Date: Jun 2004
Location: rude
Posts: 1,100
|
Quote:
The issue with avisynth.nl is completely unrelated; it simply doesn't have a valid SSL certificate for that domain. The point of SSL is not only to encrypt traffic so you don't yell out your passwords and credit card numbers so loudly that every single bystander (including anyone mildly interested on the free wifi you're using) can hear it, but also to ensure you know who you're actually talking to. A very common ransomware/virus/malware infection vector these days is clicking some link that looks like it's a familiar site but in fact will take you somewhere that looks legit but steals your data and/or uses exploits to install malware. SSL certificates are therefore completely pointless if they don't match the domain you're connecting to - there's no point in encrypting the traffic if you're talking directly to someone who is interested in eavesdropping on it, after all. There is no reason for anything except the most trivial static pages on the open internet to use unencrypted HTTP today. It's very hard to overstate just how incredibly vulnerable anything running on plain HTTP is to all kinds of shenanigans, and sending passwords in cleartext over the internet in 2017 is basically ensuring they'll get into one of the gigantic username/password dumps floating around. The only reason you can get away with http on sites like d9 is that they're so obscure that it is unlikely that someone will bother to actually attack them. Last edited by TheFluff; 20th August 2017 at 02:38. |
|
21st August 2017, 02:38 | #10 | Link |
Broadcast Encoder
Join Date: Nov 2013
Location: Royal Borough of Kensington & Chelsea, UK
Posts: 2,905
|
@thefluff and @StainlesS... true. (little ot) Chrome hasn't been updated for quite some time on XP, 'cause Google support ended and has SSL issues with newer certificates. On the other hand, Firefox ESR is supposed to be supported (and updated) at least 'till middle 2018 and its own certificate manager handles pretty much everything. For instance, if you try to access Nyaa.si (popular anime torrent website) using HTTPS on Chrome, it'll end up with an error, while Firefox will load the page flawlessly. (End OT)
|
|
|