HTTPS Fully up and running

[Stackprotector]

Hi guys,


Just wanted to note you that I have put up a valid SSL/TLS certificate and you are now more secure. In the coming days we will fine tune this for optimal security.


https://evilzone.org/ <---


Edit/Note:
Try removing external avatar's and upload them here. We might remove that feature in the near future.

[bluechill]

SMF doesn't work properly with SSL.  Also my cert was valid....

[proxx]

SMF doesn't work properly with SSL.  Also my cert was valid....

https://evilzone.org/hacking-and-security/session-hijacking-evilzone/
I suppose you mean this ?

Anyway, thanks guys.


*edit*
Just verified that it indeed and as expected does not resolve the issue of sending unecrypted traffic.

[Stackprotector]

SMF doesn't work properly with SSL.  Also my cert was valid....

https://evilzone.org/hacking-and-security/session-hijacking-evilzone/
I suppose you mean this ?

Anyway, thanks guys.


*edit*
Just verified that it indeed and as expected does not resolve the issue of sending unecrypted traffic.

I think i can verify that my security policies fixed this. My wireshark does not pick up any HTTP trafic only HTTPS.

[proxx]

I think i can verify that my security policies fixed this. My wireshark does not pick up any HTTP trafic only HTTPS.

I will recheck and post my findings tonight.
Thanks for the attention

[Stackprotector]

I will recheck and post my findings tonight.
Thanks for the attention

Also not that it might depend on a browsers https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security which is good against certain attack vectors and translates all local http links to https. Thanks!

[bluechill]

SMF also doesn't use SSL urls everywhere too so it will call non secure ones from http negating the point of SSL.  That's the reason we only up until now used my CA cert which was valid just not made by an authority other than the EvilZone Certificate signing authority.

[Stackprotector]

SMF also doesn't use SSL urls everywhere too so it will call non secure ones from http negating the point of SSL.  That's the reason we only up until now used my CA cert which was valid just not made by an authority other than the EvilZone Certificate signing authority.

That's why i used HSTS.

[kenjoe41]

just imagine my horror on my first use of a commandline browser (lynx) and it redirects me to https://evilzone.org.
And am like "What?", Is something wrong or does this browser forcefully use ssl. Anyway, now i see their is nothing wrong.
Thanks guys.

[bluechill]

That's why i used HSTS.

I didn't realize you were using hsts but since you configured it that way, that should be fine.

[proxx]

Could not reproduce it thus far.
Firefox still gives a message about unencrypted traffic at times.

Thanks for fixing that Factionwars.

Will check again

[Axon]

This what I have been waiting for a long time. Thank you Factionwars

[Kulverstukas]

For the love of GOD DISABLE forced SSL. Shit's so cray! I always get this stupid warning everytime I try to do something: https://support.mozilla.org/en-US/questions/964250

among other really stupid problems like page refreshing itself when I press the back button - WTF!!, fuckin' christ.

[proxx]

That is still better than sending everything in the fucking clear although I can understand the discomfort.
Funny because I use FF and have just but a few warnings here and there.

[I_Learning_I]

Even without wireshark or anything Mr Google Chrome is telling me there's non secure data being transferred.
Doesn't accuse any problem with certification tho.