Comments (12)
The webserver is hosted on the same server where Kontalk Beta server is hosted (beta.kontalk.net), however port 443 is used by the server itself for future support for corporate proxy connections through HTTPS tunneling. I really don't know what we could do about it if we don't get another IP address for the server (which DigitalOcean doesn't provide) or moving the website to another server.
However... I could probably proxy Tigase through Apache and make it tunnel to Tigase when requests come to the default virtual host or to beta.kontalk.net. I will do some experiments.
Please note that certificate will be issued by CACert.org, so no support for the major browsers, sorry (we can't afford it).
from website.
Hi, thanks for all the precisions, I was just curious about the https. It's ok for CACert, maybe when Mozilla will launch let's encrypt it will be easier. Never someone should have to pay for a https website. I myself run website with an autogenerated self signed certificate. So people have to click the scary "connection unsecure" warning.
Just a curious question: when 3.0.1 will go live, will you change the server name beta.kontalk.net to something else?
from website.
Server name will remain beta.kontalk.net. It's the actual server name, it's called "beta" because it's the second server (although the first one wasn't "alpha" but "prime", but you know... naming :-).
from website.
Please note that certificate will be issued by CACert.org, so no support for the major browsers, sorry (we can't afford it).
Why not just use StartSSL, a CA included in all important browsers, which also provides free certificates? Or wait until Let's Encrypt is ready and use certs from there.
from website.
@rguk we've actually migrated to StartSSL recently, so no certificate trust problem.
from website.
https://www.kontalk.org/ still delivers a wrong certificate (wrong domain). As it's valid for https://www.kontalk.net/ I can go to https://www.kontalk.net/, but this connection also times out. The same with https://beta.kontalk.net and if I ignore the wrong-domain-warning of https://www.kontalk.org/ it does not connect too.
from website.
Oh I'm sorry I didn't mean I've fixed the issue. I meant that we changed our certificate authority.
from website.
Okay, as I saw you finally enabled HTTPS there.
However your TLS config is still bad and you should really improve it.
FYI I've created a ruleset for the Kontalk domains.
from website.
Thanks @rugk. I've tried to improve it today but the server runs Debian Squeeze which is quite old and has Apache 2.2.16. I'll need to upgrade that first because for a start ECDH/ECDSA is not supported by that version.
from website.
Well... keeping software up-to-date is not a bad idea.
You have to use at least Apache 2.4 to use a modern cipher suite.
from website.
BTW translate.kontalk.org still uses a CAcert cert.
And you still do not seem to have updated Apache and your TLS config.
from website.
Thanks @rugk, I know. I'm having troubles following all the Kontalk stuff because of some life and work issues. Besides, translate.kontalk.org is hosted on an old Debian version so it needs special care to update Apache.
from website.
Related Issues (20)
- Alternative repository HOT 3
- Please remove Google Analytics! HOT 3
- Please move F-droid logo to the top HOT 2
- Move out of beta HOT 1
- rethink slogan HOT 7
- Aptoide link 404s HOT 1
- Update app icon and screenshots
- Redesign kontalk.net
- Links to all clients in kontalk.org
- Switch to new kontalk.org HOT 2
- Redesign kontalk.org HOT 14
- Many unused CSS selectors HOT 5
- Shapeshift donation button
- New 2017 icon and 4.0 screenshots
- Add quitter and identi.ca HOT 2
- Weblate registration is not working HOT 3
- Not able to find download link HOT 1
- Donation by subscription PayPal button HOT 1
- Documentation plan HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.