Mr Robot Posted February 8, 2018 Share Posted February 8, 2018 I apologise for this being off topic but a lot of the Atari 8-bit websites I visit will be impacted by this and I expect most of the owners are members here and I wanted to give everyone who might not have seen it a heads up. As of July 2018, Google will continue its mission to make the entire web secure by marking any http website as insecure. This means that if you run a website and it's not using ssl, any visitors to your site will be told that the site is insecure and the url bar will say "Not Secure" before the address. This is just the first step, the next step is to warn people and force certificate creation locally if the site is still insecure. They did this last year to sites that allowed logins or accepted payments and in January switched on the warning/cert page. Safari and Chrome browsers will be affected by this, not Firefox or Edge. Free website certs are available, so are free personal (ie email) certs so if you run a website and you haven't already moved to encrypt it, I'd start thinking about doing it now. Again, sorry for the off topic! 2 Quote Link to comment Share on other sites More sharing options...
squonk Posted February 8, 2018 Share Posted February 8, 2018 https://letsencrypt.org/has worked for me as a source of free website certs. Later this month they will be offering free wildcard certs, that will work for all addresses in a domain. Just FYI. Quote Link to comment Share on other sites More sharing options...
gozar Posted February 8, 2018 Share Posted February 8, 2018 I put my personal sites behind Cloudflare and use their SSL. Easy as pie: https://gtia.com Quote Link to comment Share on other sites More sharing options...
+Nezgar Posted February 8, 2018 Share Posted February 8, 2018 This site (atariage.com) actually has functional HTTPS, but if you use it most links on the site will redirect you back to plain HTTP. Something for the admins to consider. 1 Quote Link to comment Share on other sites More sharing options...
Mr Robot Posted February 8, 2018 Author Share Posted February 8, 2018 https://letsencrypt.org/has worked for me as a source of free website certs. Later this month they will be offering free wildcard certs, that will work for all addresses in a domain. Just FYI. yep, thats who I use, getting that to work with NameCheap was a pita. Having to renew every 90 days is the only limitation. Quote Link to comment Share on other sites More sharing options...
+CharlieChaplin Posted February 9, 2018 Share Posted February 9, 2018 This site (atariage.com) actually has functional HTTPS, but if you use it most links on the site will redirect you back to plain HTTP. Something for the admins to consider. Thanks to this it works with the A8 and the Dragoncart (tested it). Make it full https and it does not work with Dragoncart anymore... Quote Link to comment Share on other sites More sharing options...
+Nezgar Posted February 9, 2018 Share Posted February 9, 2018 Nothing saying the site has to force HTTPS.. In this case it would be nice if I choose to connect via HTTPS that links don't downgrade me, and vice versa. Quote Link to comment Share on other sites More sharing options...
Fred_M Posted February 9, 2018 Share Posted February 9, 2018 I use letsencrypt for my atarimuseum.nl and rewindgames.eu websites. It integrates perfectly in Wordpress and Opencart. The 90 day limit is absolutey no problem. The certificates are renewed every 90 days automatically. You don't have to do anything yourself Quote Link to comment Share on other sites More sharing options...
ivop Posted February 9, 2018 Share Posted February 9, 2018 Forcing every website to go https is absurd. A lot of static pages don't need encryption and with encryption they are no longer cached and will lead to increased bandwidth usage. Not to mention all the wasted CPU power for useless encryption and decryption... But yeah, this is off-topic 3 Quote Link to comment Share on other sites More sharing options...
flashjazzcat Posted February 9, 2018 Share Posted February 9, 2018 Wasn't aware of these changes but I thought I might as well fix my site up in advance. Isn't taking long but it does seem rather unnecessary. Quote Link to comment Share on other sites More sharing options...
carlsson Posted February 9, 2018 Share Posted February 9, 2018 Nezgar: Albert is fully aware of the https issue, and has some explanations here: http://atariage.com/forums/topic/272561-insecure-password-warning-in-firefox 2 Quote Link to comment Share on other sites More sharing options...
Mr Robot Posted February 10, 2018 Author Share Posted February 10, 2018 Here are the Google security advisories https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.