Will TLS or SSL ever be implemented?

Hello guys and gals,

I am not sure this question came up before, but would it be possible to implement TLS on this site?
I know the original purpose was a discussion forum and those usually don't reveal personal info,
but since some users organise sale of custom made parts or sale of their collection in here, we do
send out some personal info through personal messages.

I know I may be a bit paranoid, but I do not like transmitting personal stuff in plain text.
We could always communicate through mail or other channels about personal stuff,
but it has become a standard for every site to have TLS/SSL implemented. Would it be possible here,
or would it be too much work? To me (an inexperienced person in this) it would seem like a rational
evolutionary step of this site.

It’s been requested before, for the same reasons. The admin says he thinks the server couldn’t handle the extra computing. That baffles fellow server operators like me, but it’s his site.

Yes, TLS on the private messages would be a VERY good idea.

Well, maybe he could do a fundraiser, many users wouldn't mind chipping in a few bucks, it might cover any hardware and software updates.

I would like to be a supporting member of the site. Bladeforums requires a paid membership to have PM privileges probably because of the extra costs associated. I am a platinum member at bladeforums ($60 a year) and I would gladly contribute the same amount here as this site has saved me $100s.

Well, I think paid membership would not bode well for most members but I agree on many of us volunteering and chipping in, maybe a Wikipedia-style fundraiser to implement TLS, upgrade the server plus any software update costs (if there are any).

You could make it voluntary as opposed to mandatory. People who see value, will be able to contribute financially on a membership basis. I like to support those that help me and since I’m pretty much a flashlight n00b, I can’t offer much to the community in terms of knowledge but I could contribute financially.

Those members that contribute with their knowledge and advice are doing so much to help people like me so they shouldn’t have to contribute financially.

At Bladeforums.com, only a “Gold” membership ($30 a year) is required to be able to sell on their exchange and have a 100 message PM mailbox but I chose “Platinum” to show my appreciation to the hosts.

I would gladly do the same here if it was an option.

Well, according to arin.net 170.75.162.59 belongs to Luna Node, and Luna Node offers free SSL/TLS termination with Let’s Encrypt on their load balancers for any plan that’s > $3/month.

The last time I looked it up, I’m pretty sure that wasn’t the case, so maybe Luna has improved their service, and now is the time to step up to TLS. Or, it’s possible there’s a mistake in my amateur sleuthing.

Still have the issue with mixed http/https with all the images, though.

Mixed http/https doesn’t break a site, and would be far better than none, but that’s not how I recommend starting.
I propose starting by just making the Messages page link https by default. You don’t need to make TLS mandatory after you install it, technically the user could tweak the address bar at any time and switch between the two.

I agree with this as a way to get started but would there be a way to make sure a message started with TLS, stays TLS between participants?

Yes, after a week or so of giving users the choice to test it, it would be super easy to edit the Apache/Nginx config to force https on just the messages pages, but not the rest of the site.

Regardless of the admins and server owners’ views on SSL, it does need to be implemented, or eventually you won’t be able to access the site without clicking through a bunch of alarming security warnings.

> Mixed http/https doesn’t break a site, and would be far better than none, but that’s not how I recommend starting.

This will break the site because Google are changing Chrome to block insecure elements within secure pages.