website does not allow https connection #11
Comments
|
AFAIK strawberryperl.com is hosted on dreamhost and it seems that its control panel has support for free letsencrypt certs: https://help.dreamhost.com/hc/en-us/articles/216539548-How-do-I-add-a-free-Let-s-Encrypt-certificate- I guess it shouldn't be too much work to enable it. |
|
@adamkennedy ping ^^ |
|
@adamkennedy ping a letter from Google: |
|
Pong
…On 20 June 2018 at 10:49, kmx ***@***.***> wrote:
@adamkennedy <https://github.com/adamkennedy> ping
a letter from Google:
To owner of http://strawberryperl.com/,
In July 2018, Chrome (version 68) will start showing
'NOT SECURE' warnings for all HTTP pages that it opens.
To prevent a 'Not Secure' warning from appearing when Chrome
users visit your site, you must serve your site over HTTPS.
Migrate your site to HTTPS to avoid triggering the new
warning on your site and to help protect users' data.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#11 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHA_th3DyGpoyW2hnRhhzdDxKqOVRdwks5t-os_gaJpZM4Rz6wq>
.
|
Hi Adam could you please try to enable TLS via Let's Encrypt on strawberryperl.com hosting? It should be free and supported by Dreamhost - see https://help.dreamhost.com/hc/en-us/articles/216539548-How-do-I-add-a-free-Let-s-Encrypt-certificate- |
|
Soo uhh it seems like strawberryperl.com is completely down now? |
|
@adamkennedy could you please have a look at this? |
|
@adamkennedy can you please enable HTTPS? |
|
@adamkennedy is there a chance that you will find some spare time and set up the TLS on strawberryperl.com website? |
|
@adamkennedy or perhaps give someone else credentials to do this? (You can ping me if you need help finding someone :) ) |
|
As of about 2 months ago, I can't access webpages or download files from Strawberry Perl to my home network. To be clear, I'm not saying it's Strawberry Perl's fault that I can't access the website - that would be an unreasonable assertion. See https://www.perlmonks.org/?node_id=11112755 for more details of my situation (and workaround). Cheers, |
|
This will become a more of an issue shortly: https://security.googleblog.com/2020/02/protecting-users-from-insecure_6.html
|
|
ping @adamkennedy - we really, really need to set up the TLS on strawberryperl.com website |
|
I don't know if this will help establish contact with @adamkennedy, but this is he : There's a contact link on that page to his personal website: http://ali.as/ I can't access that ali.as site to see what's there because that is (apparently) yet another page to which my http access is being denied. |
|
http://ali.as/contact.html returns a 'not found', going back several years on the waybackmachine hasn't provided a working page. |
|
@sisyphus I have asked the similar question on https://www.reddit.com/r/perl/comments/epihpr/httpstrawberryperlcom_on_https/. As mentioned in comment 'There is a mirror hosted at https://strawberry.perl.bot/'. You can use that for now. It is manged by https://www.reddit.com/user/simcop2387/ I also faced similar problem in past and right now using it.Only thing is - maybe it can take some time for the new version to appear. e.g. for now there is no Perl 5.30.2.1 on that link which was release couple of days back. But, it will get the work done for now. |
|
@sudo-batman
Apologies, you aren't the person I should be asking :) If you frequent reddit could you please pass that on to simcop2387? I've emailed adamk at the cpan address some time ago, asking if this general issue can be addressed. |
|
@MartinMcGrath Didn't get a message through reddit or anything but I happened to be checking this thread today. My home internet is broken at the moment (ISP tech coming in a few hours). Once that's fixed I'll get that added. I had no idea that was there. I'll do some digging to find any other packages in there too. |
|
@simcop2387 Fantastic, thanks for the help. |
|
@MartinMcGrath After a harrowing 8.5 days of tethered cell phone internet, I am finally back in business with real internet. I'm grabbing those packages now and will have them uploaded asap. It's already looking much larger than I initially expected at first glance (up to 3 gigs and going) |
|
And upload is done. |
|
@simcop2387 This is fantastic thanks @adamkennedy Is there any chance strawberryperl.com can start using letsencrypt? |
|
Would be great it this can be done... I had been using strawberry.perl.bot as an alternative https location, but that's failing to work for me today - Chrome reporting ERR_SSL_VERSION_OR_CIPHER_MISMATCH. |
|
Who owns the domain, could it be pointed to the alternative site for the time ? (or is it tied in with the hosting). |
|
@ibrierley domains tend not to be tied to hosting in this manner, however the mirror mentioned above is no longer functional, and that doesn't address the real issue, all of the other existing links and documentation already pointing to strawberryperl.com. |
|
It seems that Mark Keating is currently working to resolve this issue. |
|
Looks like the issue can be closed: https://strawberryperl.com/ |
|
More to the point, $ curl -I http://strawberryperl.com/ HTTP/1.1 301 Moved Permanently Date: Thu, 17 Dec 2020 22:15:16 GMT Server: Apache Location: https://strawberryperl.com/ Content-Type: text/html; charset=iso-8859-1 (Emphasis mine.) |
|
Solved |
strawberryperl.com can not be accessed via https. This enables man in the middle attacks which can manipulate the downloaded strawberry perl interpreter.
Even though the checksums are provided, they are also not available via https.
Last but not least, the executable installer is not signed which enables possible attacks.
Accessing the website via https://strawberryperl.com leads to a certificate error:
Certificate issued to: sni.dreamhost.com
Issued by: sni.dreamhost.com
The text was updated successfully, but these errors were encountered: