mersenneforum.org  

Go Back   mersenneforum.org > Great Internet Mersenne Prime Search > PrimeNet

Reply
 
Thread Tools
Old 2017-01-21, 03:01   #1
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

23·409 Posts
Default SSL is coming - prepare...

Hi all,

The Primenet server has SSL on it now. For the moment it's not being forced, but the goal is to switch traffic to SSL as soon as possible.

We realize that some of you use bots to grab stats directly from different pages so I wanted to be sure and mention the SSLization in advance so you can prepare and test.

There are also some proxies out there that fetch assignments/return results and those should also be checked to make sure they play nice with SSL.

I'm not sure what the rollout will look like exactly... I may start out by redirecting to https on the home page (at which point future clicks to links from there are all protocol relative). That will get some ssl flowing while still allowing the bots/proxies to work under http while they get things tested.

If you have questions or your particular usage isn't working well with SSL, you can reply here and let me know. I can try to help you through whatever issue, but ultimately I hope you're able to get your scripts or whatever working with the secure pages.
Madpoo is offline   Reply With Quote
Old 2017-01-22, 06:29   #2
0PolarBearsHere
 
0PolarBearsHere's Avatar
 
Oct 2015

2×7×19 Posts
Default

My quick test with curl appears to have worked just by changing the protocol to https. Either that or it redirected back to http. I should probably view the raw output.

Last fiddled with by 0PolarBearsHere on 2017-01-22 at 06:31
0PolarBearsHere is offline   Reply With Quote
Old 2017-01-22, 23:18   #3
chalsall
If I May
 
chalsall's Avatar
 
"Chris Halsall"
Sep 2002
Barbados

23·17·67 Posts
Default

Quote:
Originally Posted by Madpoo View Post
There are also some proxies out there that fetch assignments/return results and those should also be checked to make sure they play nice with SSL.
OK, GPU72's proxy is now using the PrimeNet SSL connection (required one additional REGEX line), and its observation spider is also (required one additional character).

Now let's hope that Mike gets https://www.MersenneForum.org/ operational....
chalsall is offline   Reply With Quote
Old 2017-01-24, 03:49   #4
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

23×409 Posts
Default

Quote:
Originally Posted by 0PolarBearsHere View Post
My quick test with curl appears to have worked just by changing the protocol to https. Either that or it redirected back to http. I should probably view the raw output.
There isn't anything on the server that would redirect to/from http or https so hopefully that means you're a-ok.

That's good... maybe this weekend (or if I have a few free hours some night) I can enable an http -> https redirect and see how things go for a day or two... sometimes the way to find out who is using undocumented "features" or using an unknown method is to just change it and see who complains.
Madpoo is offline   Reply With Quote
Old 2017-01-24, 20:23   #5
Mark Rose
 
Mark Rose's Avatar
 
"/X\(‘-‘)/X\"
Jan 2013
Ͳօɾօղէօ

532 Posts
Default

I've updated my fork of mfloop.py and made a pull request to teknohog.
Mark Rose is offline   Reply With Quote
Old 2017-01-24, 21:04   #6
chalsall
If I May
 
chalsall's Avatar
 
"Chris Halsall"
Sep 2002
Barbados

216308 Posts
Default

Quote:
Originally Posted by Madpoo View Post
T...sometimes the way to find out who is using undocumented "features" or using an unknown method is to just change it and see who complains.
We haven't yet heard from Scott father of MISFIT.

Also, just because the downloadable code is updated doesn't mean the deployed code is.

Step carefully, and listen even more closely....
chalsall is offline   Reply With Quote
Old 2017-01-25, 06:46   #7
LaurV
Romulan Interpreter
 
LaurV's Avatar
 
Jun 2011
Thailand

5×11×157 Posts
Default

Scott is a busy guy who doesn't read these threads. PM him or write in the Misfit service thread, he is famous for fixing the bugs before we report them in that thread...
LaurV is offline   Reply With Quote
Old 2017-01-26, 15:50   #8
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

CC816 Posts
Default

Quote:
Originally Posted by LaurV View Post
Scott is a busy guy who doesn't read these threads. PM him or write in the Misfit service thread, he is famous for fixing the bugs before we report them in that thread...
I emailed him already right after the cert was installed and he said he'd be trying it out. I don't know the current status of his tests... Misfit hits at least one custom page for assignments/results so at the very least I could make sure those don't get a redirect until I hear back.
Madpoo is offline   Reply With Quote
Old 2017-01-26, 17:37   #9
chalsall
If I May
 
chalsall's Avatar
 
"Chris Halsall"
Sep 2002
Barbados

23×17×67 Posts
Default

Quote:
Originally Posted by Madpoo View Post
I emailed him already right after the cert was installed and he said he'd be trying it out.
I also just emailed him giving this thread.
chalsall is offline   Reply With Quote
Old 2017-01-27, 12:15   #10
mattmill30
 
Aug 2015

43 Posts
Default

What's the rationale for converting the entire site to SSL?

I understand encrypting credentials, but why not offer https which delivers the current site and a http site which includes beneath the username and password boxes a "login securely" link which redirects to a https login screen?

This would save bandwidth and CPU resources for all pages which aren't sensitive.

Is the concern that the session ID or cookies (whichever are used) would be cleartext over a http connection?
Personally, I don't think this is a concern because the website accepts anonymous submissions, so a XSS attack is quite pointless.
mattmill30 is offline   Reply With Quote
Old 2017-01-27, 15:47   #11
Mark Rose
 
Mark Rose's Avatar
 
"/X\(‘-‘)/X\"
Jan 2013
Ͳօɾօղէօ

53718 Posts
Default

Browsers are already starting showing warnings when sites are loaded over HTTP. The overhead of HTTPS was a big deal fifteen years ago but is minimal today.

XSS is an issue: click this (though HTTPS won't fix this particular one).
Mark Rose is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Big milestone coming up schickel Aliquot Sequences 8 2011-07-29 10:54
Mersenne BOINC coming? frmky Software 27 2011-02-20 08:52
Dark times may be coming...? OmbooHankvald mersennewiki 10 2005-10-24 06:26
And the hits just keep on coming..... R.D. Silverman Factoring 13 2005-10-04 10:02
Coming to a DC project near you P4 2.4B/GA8SQ800 /pc3200 dragongoddess Hardware 0 2003-03-22 15:49

All times are UTC. The time now is 08:11.

Wed Aug 5 08:11:20 UTC 2020 up 19 days, 3:58, 1 user, load averages: 1.23, 1.39, 1.33

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.