
>echo $current_year >web browsers still don't gen


Thread replies: 111
Thread images: 13

File: serveimage.jpg (18KB, 700x222px)
>echo $current_year
>web browsers still don't generate security warnings for http sites
>Even though ssl certificates are available for free, there are websites out there that still don't support https protocol or use self signed certificates
shiggy diggy
>>
Isn't ssl more resource expensive?
>>
>>52915793
Encryption costs system resources, and a lot of sites are already nearly overloaded with requests.
>>
firefox nightly warns you about unsecure password forms and disables them, it will eventually get into stable
>>
>>52915805
Yeah, about 1%
>>52915813
Fuck off
>>
>>52915793
>echo $current_year
Not echo date('Y');
Wow
>>
File: 196-ouch.png (243KB, 800x344px)
>>52915793
>""""""""""secure""""""""""
>implying I give a shit about encrypting my browsing habits
>>
>>52915927
>I don't care about my privacy so neither should you
>>
>>52915813
>https://github.com/gophergala2016/goad
>Rains down hell on web server using lambda
>nginx manages about 15,000 connections per second on http://
>nginx manages about 16,000 connections per second on https://
>muh performance
>>
>>52915927
By the time you understand it'll be too late.
>>
File: smoking.png (262KB, 800x402px)
>>52915969
>>52915979
If you've ever read people's emails and private files, you'd realize almost everyone leads a mundane existence, devoid of anything interesting.

I'm keeping it real here - my browsing habits are not worth shit to anyone.
>>
>>52915979
Fuck off with your bullshit, nonsensical pseudo-prophetic "by the time you understand it will be too late", you're just a sad bitch wishing he'd be important enough to warrant saying that,

Also

>pretending there is a world conspiracy against people who browse the internet
>>
File: 1455044271055.jpg (294KB, 900x900px)
Yes SSL is basically free now. Also I welcome the more frequent updates too.
Now everyone can relax and come back to PHP.
>>
>>52915793
>http site
>password field
>send form
>Browser: "Want to save the password for this legit secure site?"

>https site with self signed cert
>Browser: "Hey buddy, this site is total insecure and shady you better go elsewhere or jump through 7 hoops to enter this site!"
>>
>>52915927
>that pic
kek, saved
>>
>>52915927
That's fine. I'd love to have your passwords and see every website you go to. Maybe inject some "special code" for your dumbass :^)
>>
>>52915793
you don't need https if the information is accessible by anyone anyway
sure, if you log in then it's ridiculous not to use it, but for a blog for example there is no reason
>>
>>52916675
What if you want to comment but don't want your ISP to know what you are commenting?
What If you don't want people in your wifi network to know what blog posts you are reading?
>>
https literally does nothing for half of the internet, consisting of news, cooking and blog sites.
>>
>itt people who trust ssl companies not to give out root certs to nsa
>>
>>52916700
>not living in a country with proper net neutrality laws keeping ISP's from spying on you
ayyy Ameriturds still have no freedumbs and privacy
>>
Having talked with the relevant people, this is actually on the roadmap for Chrome, and eventually on the roadmap for Firefox and Edge.

Chrome dev and canary currently display a lock with a big red cross over it, and as well as only supporting HTTP/2 over TLS, the browsers are also only supporting any new potentially privacy-impacting features via TLS as well.

They're also playing a very active role in the TLS Working Group at IETF in the design of TLS 1.3, which is going to be pretty damn fast and improved in a number of ways. (I know a few people working to support it with security proofs, which is something sorely lacking in older versions.)

Let's Encrypt are still in beta, but hopefully will be able to lift the limits soon. They'll also be generating ECDSA roots a little later this year, and have ECDSA certificate support already in staging. Ed25519 will follow, and support in TLS is currently waiting on last call of the CFRG signature draft, which is (at last!) finalised, and a draft in PKIX and TLS following that.
>>
>>52916891
>https://en.wikipedia.org/wiki/Telecommunications_data_retention
>>
>>52915793
>>52915890
>yfw $current_year is hardcoded as 2010
>>
>>52915793
>ssl certificates are available for free
>>52916013
>Yes SSL is basically free now.
How? Every CA charges money for them.
>>
>>52917365
Let's Encrypt is free, apparently
>>
>>52917365
Let's encrypt is entirely free and entirely automatic, and several hosting providers are writing cpanel plugins to enable it
>>
>>52917365
StartSSL has one for free too.
>>
>>52917501
>>52917561
Certs issued by both of them aren't accepted by many mobile devices (phones, tablets) and on my PC by internet exploder. So those aren't solutions.
And don't tell me to install their root certs, because i cannot tell my clients/users to do so.
It has to be out-of-the-box solution.
Browsers should implement it in the proper way, that is allow self signed certs to be used without some mundane alert popping up, there just should be info about entity's personality not being authenticated, but the connection is secure.
>>
>>52917784
How recent is your knowledge? Letsencrypt is cross signed so its root cert can be validated by other trusted CAs

The entire point of warning against a self signed cert is that there is no validation the connection hasn't been mitm'd. Encryption is only as good as your handshake.
>>
>have to put my address in and make my address publicly available to get a SSL certificate

Fuck off NSA
>>
>>52917850
>Letsencrypt is cross signed so its root cert can be validated by other trusted CAs
I am aware of it.
> How recent is your knowledge?
* Xiaomi redmi 2, bought 1 month ago - not accepting let's encrypt, accepting startssl.
* Samsung galaxy tab 10.1, 1,5 years old - not liking both of free certs.
* Samsung galaxy trend plus 2,5 years old - not liking both of free certs
* no name "german made" chinese smartphone, bought 6 months ago - happily accepts both of those certs.
>>
Many ad networks don't serve their ads on https. So switching is not feasible.
>>
>>52917947
Huh, interesting. I wish I could pm you a website to check my certs on, but generally I don't care enough.
>>
>>52918020
Less ads then.
>>
>>52915813
This is actually something governments should regulate and kinda promote. So everyone's connections are safe.
>>
File: aladdin-2.png (226KB, 800x529px)
>>52916568
Don't I feel special.
Once you've been through other people's files you'd understand.
>>
>>52917365
Let's Encrypt (EFF's FOSS thingy) and StartSSL (Israeli company)
>>
>>52917784
Certs issued by both of them work stock on every device if the website serves the cert chain properly.
>>
>>52917947
You're not serving your chains properly. Run your website(s) through the ssllabs scanner to see where you're fucking up.
>>
Why are there fucking free certs but not free domains?
>>
>>52920558
What is .tk
>>
>>52920568
Or freenom.com
>>
>>52920568
I meant good domains.
All domains should be fucking free. It costs nothing to add a website to the records.
>>
>>52920599
If all domains would be free the chinks would squad all domains and resell them.
>>
>>52920648
>selling free things
OK.
>>
>>52920668
It still has value because domains are unique. Dumbass.
>>
>>52920668
Why not idiot. If I own a domain you want, I am not giving it out for free.
>>
>>52920599
It costs money to run dns servers, root servers, routing them and shit
Also, If domains were free, every time a faggot thinks up a good name, it will register it without using it ever, causing a shortage of domain names
Then you have to use shit like myname521.com like you do when you register free emails
>>
>>52920694
All domains worth shit have been bought long time ago.
>>
>>52920711
false.
>>
>>52920704
Then the prices shouldn't at least be so jew-tier.
>>
>>52920725
10$ per year is jew tier?
>>
>>52920725
Free domain names are available and you already complain about them being bad names.

And now you pretend jack1985.com would be a good domain name.

Your credibility really is close to zero.
>>
>>52920744
Where do you pay 10$?
>>
>>52920791
https://www.namecheap.com/domains.aspx#domain_tab_pricing

Depends on the TLD of course.
>>
>>52915805
Not substantially on modern hardware

>>52917501
>>52917522
>>52917850
>90 day CA validity
I love four times a year maintenance activities per domain name/server

>>52917561
had it, it's a meme. they issue a one year certificate for free but charge you if anything goes wrong (e.g. After heartbleed they charged for certificate revocations, leaving hundreds of thousands of potentially compromised certs in the wild and not revoked because people did not pay).

>>52920227
tons of people don't understand certificate chaining. firefox is generally smart if the top root is not chained down but it sees a valid intermediate. chrome rejects certificates that are not fully chained.
>>
>>52915829
Ya know what I am gonna do then? All my passwordfields are gonna be input type="text", faggot. I don't give a shit.
>>
>>52918027
nevermind fixed it myself
>>
File: 1455173508826.jpg (113KB, 750x421px)
>>52920158
Oh hey NSA-kun, taking a break from work?
>>
File: tips tinfoil.jpg (44KB, 446x413px)
>>52922055
>>
>>52921900
>four times a year maintenance
It's literally a cron job you autistic fuck. I have mine set monthly with an email update to validate the status
>>
>>52922004
More of a "works on all of machines", including my galaxy tab note 10.1, nexus 4, nexus 5, nexus 6, Ubuntu touch, PS vita, and numerous desktops and laptops.
>>
>>52922243
what cron job are we talking about here? how universal is the platform/distro support on this?
i have several HTTP servers running on my NAS for instance (Apache, SABNZBd, CouchPotato, Sickbeard) and they all use the same certificate. if it's easily automated, then it's a different story.
>>
>>52916001
I think Google disagrees there
>>
>>52917501
>let's encrypt
>mozilla
are you sure that they won't revoke the certificate if I host "problematic" content?
>>
>>52917871

https://letsencrypt.org/howitworks/
>>
>>52922284
You can use the official program to do it automatically for you if you don't have the knowledge to do it yourself... It requires root access
>>
>>52922284
It's a python script that you can either configure to run a local web server, configure to integrate with apache, or set up with a web root (that you can alias to any site) that then connects to letsencrypt, validates your site by the value of a page, then issues a signed cert locally to your filesystem that you just hook into your server.

It's super easy. I'll show my nginx config when I get off the shitter
>>
File: 1434991945611.gif (212KB, 501x585px)
>>52922183
>>
>>52922338
>root access
kind of sucks for those on shared hosting. also, love the beta disclaimer.

Should be "good enough" for my NAS once my Comodo cert expires in 2 years.
>>
>>52922344
>It's a python script that you can either configure to run a local web server, configure to integrate with apache, or set up with a web root (that you can alias to any site) that then connects to letsencrypt, validates your site by the value of a page, then issues a signed cert locally to your filesystem that you just hook into your server.
that's bretty clever. so basically the python script tells it what domain it's trying to get a cert for, letsencrypt says "get a file here with this value", the script creates the file in the public_html dir, and then letsencrypt validates it before sending the renewed cert back to the client? neat.
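
The "file here with this value" exchange from the posts above, as an added example that is not part of the thread or of the Let's Encrypt client. It follows the HTTP-01 challenge as later standardised in RFC 8555, with the key thumbprint from RFC 7638; the keys, token and function names are constructed for illustration, and the CA's HTTP fetch is simulated by reading the webroot.

```python
import base64
import hashlib
import json
import re
import tempfile
from pathlib import Path

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, so "../" is rejected
CHALLENGE_DIR = Path(".well-known") / "acme-challenge"

# Constructed sample values, not real keys or tokens.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "Y29uc3RydWN0ZWQtbW9kdWx1cw"}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": "c29tZW9uZS1lbHNlcy1rZXk"}
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required RSA members, keys sorted, no spaces."""
    canonical = json.dumps({k: jwk[k] for k in ("e", "kty", "n")},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """The value the CA expects: token + '.' + thumbprint of the account key."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token must be base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def client_provision(webroot: Path, token: str, account_jwk: dict) -> Path:
    """Client side: drop the challenge file into the webroot the server exposes."""
    content = key_authorization(token, account_jwk)  # validates the token first
    target = webroot / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


def ca_validate(webroot: Path, token: str, account_jwk: dict) -> bool:
    """CA side: the GET of /.well-known/acme-challenge/<token> is simulated
    by reading the file the web server would return for that path."""
    if not TOKEN_RE.fullmatch(token):
        return False
    served = webroot / CHALLENGE_DIR / token
    if not served.is_file():
        return False
    return served.read_text().strip() == key_authorization(token, account_jwk)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        client_provision(root, SAMPLE_TOKEN, ACCOUNT_JWK)
        print("same account key:", ca_validate(root, SAMPLE_TOKEN, ACCOUNT_JWK))
        print("other account key:", ca_validate(root, SAMPLE_TOKEN, OTHER_JWK))
```

Because the file content is bound to the account key, someone who can only read the challenge URL cannot reuse it to validate under their own account.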
>>
>>52922352
Well, I hear some are working on a cpanel plugin to make it work for shared hostings.
Even though vps is dirt cheap nowadays and I don't know why anyone would want to use shared hosting, unless they don't know how to operate a vps
>>
>>52922347
>le goo boogeyman
/pol/ is that way!
*points finger at exit door*
>>
>>52922371
Exactly
>>
File: pol is present.webm (1MB, 640x480px)
>>52922380
>>>/reddit/
>>
>>52922396
>>52922371
>>52922344

# Redirect www to the bare domain, keeping the request scheme
server {
    listen 80;
    server_name www.abc.com;
    return 301 $scheme://abc.com$request_uri;
}

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80; ## listen for ipv4; this line is default and implied
    server_name abc.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;  # the ssl parameter enables TLS on this listener
    ssl_certificate /etc/letsencrypt/live/abc.com/fullchain.pem;  # leaf + intermediates
    ssl_certificate_key /etc/letsencrypt/live/abc.com/privkey.pem;

    root /var/www;
    index index.html;

    server_name abc.com;

    # Webroot that the Let's Encrypt client writes challenge files into
    location /.well-known/acme-challenge/ {
        alias /var/letsencrypt/.well-known/acme-challenge/;
    }
}
>>
File: 1450819766325.jpg (11KB, 213x250px)
>>52920208
>StartSSL (Israeli company)
>>
>>52916001

nsa shill detected, that's what they want you to believe.
>>
>>52922451
here's my cronjob

3 0 1 * * /root/letsencrypt.sh abc.com


and here's my letsencrypt.sh
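#!/bin/bash
# Renew the Let's Encrypt certificate for one domain via the webroot plugin.
set -eu

INSTALL_DIR=/opt/letsencrypt
KEY_SERVER=https://acme-v01.api.letsencrypt.org/directory
WEBROOT=/var/letsencrypt/
SERVER_NAME=${1:?usage: letsencrypt.sh <domain>}

"$INSTALL_DIR/letsencrypt-auto" certonly -a webroot --webroot-path="$WEBROOT" --renew-by-default --server="$KEY_SERVER" -d "$SERVER_NAME"
# Reached only if the renewal succeeded (set -e)
service nginx reload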
>>
>>52915793
I don't use SSL for my public region and use a self signed cert for my private region.
I also have no method of accepting data from a user so I don't see the point of using SSL on the public region.
>>
>>52918096
>government regulating SSL

What could go wrong?
>>
>>52922566
>>52922451
>>52922371
It's important to note that this method could likely be applied to generating certs for remote machines as well, by just having a network-mounted webroot, and then uploading the generated cert via a different network mount.

But the better option for shared hosting is people like dream host, who are doing >>52922376
>>
>>52916001
but your credit card info is. Your SSN is.
>>
>>52917561
Yeah but they suck, they charge money for the revocation certificate and such, which is just an absolute bad practice and should be punishable by closure, justifiable cost or not.
>>
I hear cloudflare's free plan includes free https support.
So you can use a self signed certificate between your server and cloudflare's and then cloudflare reencrypts data with their own certificate to send to user.
4chan uses this kind of https
How's that?

I think your server doesn't even need to support https for it to work
>>
>>52925621
Given that Let's Encrypt gives you 90 days for free, you're OK.
If you use Cloudflare to provide HTTPS and then let Cloudflare connect to you unencrypted, then the NSA or other nefarious parties are just going to sniff in-between.
>>
File: WTFdude.jpg (150KB, 800x573px)
>>52918096
R u a fag or something?
>>
>>52916519
basically this, and not loading a metric ton of vulnerable OpenSSL code just to serve static HTML files
>>
>>52915793
Firefox Nightly does that.
>>
>>52925834
Personally, I just pay for a real certificate for my public websites that I care about.
I have a domain that I use for dicking around and using email which i setup let's encrypt on

I'm just saying, cloud flare is an option for those who don't want to pay for a certificate, because it can use a self signed certificate that protects you from NSA and won't issue a browser warning at the same time
>>
File: 1454198426373.jpg (30KB, 400x302px)
>mfw sites still don't use encryption even though it's free and takes <5 minutes to set up now

What's your excuse?
>>
>>52922451
       {

}

fucking disgusting
>>
>>52915793
>echo
>not printf "$(date +"%Y")\n"
>>
>2016
>Some retard thinks every website needs to have a valid ssl cert
>Some browsers won't even go to a site because they specify "don't connect if no ssl"

I don't type passwords or fucking anything into the site why should I care

Fucking privacy memers

>>52915927
DNS lookups, etc are plaintext
>>
>>52926362
>it's bad to include privacy features at no cost
>>
>>52926437
It's bad to make a site fucking inaccessible because of the privacy meme

I don't have an account on your shit site = I don't need SSL. Warnings are enough.
>>
>>52926257
Get over it. I just gave away 48 hours of research for free and you bitch about brace placement.
>>
>>52926448
>inaccessible
Are you using windows 98?
How can you not visit a site using https with any computer made after 2007?
>>
>>52926468
where do you think we are?
>>
>>52926468

No one asked you to share it faggot.
>>
>>52926478
Reddit

>>52926480
Go fuck yourself
>>
>>52926472
If the site's certificate expires for some reason, HSTS bullshit can lock you out even if you don't benefit from HTTPS and aren't a windows/IE/Firefox/flash user that's going to get a drive-by virus.
>>
>>52926505
So you have to add the site to exceptions for a few days until the site owner renews it?
>>
>>52926257
There is literally nothing wrong with that

I bet you're one of those
function()
{

// code

}


faggots
>>
>>52926560
Adding an HSTS exception is called "adding your own custom cert" and it's a long and horrible workaround for one-off sites
>>
NSAS://

>secure

Suuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuure, Goym
>>
>>52926583
I can vouch for this. Customer was running a self signed ssl3 cert on a dev server, which locked us out of development and testing for a good week since we couldn't verify deployed code.
>>
>>52926583
Well, I don't have any experience with HSTS
But from my understanding, it's completely optional. so why would a one off site enable it?
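
The HSTS behaviour argued over in the posts above, as an added example that is not part of the thread or of any browser's code. It models the rules of RFC 6797: the policy is opt-in through a response header, it only counts when received over error-free TLS, and a certificate error on a host that has set it cannot be clicked through until max-age lapses. The class, function names, hostnames and timestamps are constructed.

```python
class HstsStore:
    """Minimal model of a browser's HSTS list (RFC 6797)."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry in epoch seconds, includeSubDomains)

    @staticmethod
    def parse(header):
        """Return (max_age, include_subdomains) from a header value."""
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                max_age = int(value.strip().strip('"'))
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None or max_age < 0:
            raise ValueError("a non-negative max-age directive is required")
        return max_age, include_sub

    def note_header(self, host, header, tls_ok, now):
        """Record a policy. It only counts when received over error-free TLS."""
        if not tls_ok:
            return
        max_age, include_sub = self.parse(header)
        if max_age == 0:
            self._hosts.pop(host.lower(), None)  # site opted back out
        else:
            self._hosts[host.lower()] = (now + max_age, include_sub)

    def is_known_hsts_host(self, host, now):
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # An exact match always applies; a parent needs includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False


def on_certificate_error(store, host, now):
    """What the user gets when the certificate is expired or untrusted."""
    if store.is_known_hsts_host(host, now):
        return "blocked"   # no click-through for known HSTS hosts
    return "warning"       # interstitial the user may bypass


def demo():
    """Constructed scenario: hostnames and timestamps are made up."""
    store, day = HstsStore(), 86400
    store.note_header("blog.example", "max-age=31536000; includeSubDomains", True, 0)
    store.note_header("dev.example", "max-age=31536000", False, 0)  # self-signed
    return {
        "hsts site, cert expired on day 30": on_certificate_error(store, "blog.example", 30 * day),
        "subdomain of hsts site": on_certificate_error(store, "img.blog.example", 30 * day),
        "site that never set hsts": on_certificate_error(store, "dev.example", 30 * day),
        "hsts site after max-age lapsed": on_certificate_error(store, "blog.example", 366 * day),
    }
```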
>>
>>52926569
>using whitespace at all
I just keep writing code until it wraps
#include<stdio.h>
int main(int argc,char **argv){char *a="ur an faget ";int y;int x;for(y=0;y<25;y++){for(x=0;x<80;x++){printf("%c",a[(80*y+x)%12]);}}return 0;}
>>
File: amanda_show_mailmain.png (200KB, 638x433px)
>>52926659
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.