Will TLS or SSL be ever implemented?

Dr.Phillip

Hello guys and gals,

I am not sure this question came before, but would it be possible to implement TLS on this site?
I know the original purpose was a discussion forum and those usually don't reveal personal info,
but since some users organise sale of custom made parts or sale of their collection in here, we do
send out some personal info through personal messages.

I know I may be a bit paranoid, but I do not like transmitting personal stuff in plain text.
We could always communicate through mail or other channels about personal stuff,
but it has become a standard for every site to have TLS/SSL implemented. Would it be possible here,
or would it be too much work? To me (an inexperienced person in this) it would seem like a rational
evolutionary step of this site.

Joshk

It’s been requested before, for the same reasons. The admin says he thinks the server couldn’t handle the extra computing. That baffles fellow server operators like me, but it’s his site.

Yes, TLS on the private messages would be a VERY good idea.

Dr.Phillip

Well, maybe he could do a fundraiser, many users wouldn't mind chipping in a few bucks, it might cover any hardware and software updates.

Watermanchris

I would like to be a supporting member of the site. Bladeforums requires a paid membership to have PM privileges probably because of the extra costs associated. I am a platinum member at bladeforums ($60 a year) and I would gladly contribute the same amount here as this site has saved me $100s.

Dr.Phillip
Watermanchris wrote:
I would like to be a supporting member of the site. Bladeforums requires a paid membership to have PM privileges probably because of the extra costs associated. I am a platinum member at bladeforums ($60 a year) and I would gladly contribute the same amount here as this site has saved me $100s.

Well, I think paid membership would not bode well for most members but I agree on many of us volunteering and chipping in, maybe Wikipedia style fundraiser to implement TLS, upgrade server plus any software update costs (if there are any).

Watermanchris
Dr.Phillip wrote:
Watermanchris wrote:
I would like to be a supporting member of the site. Bladeforums requires a paid membership to have PM privileges probably because of the extra costs associated. I am a platinum member at bladeforums ($60 a year) and I would gladly contribute the same amount here as this site has saved me $100s.

Well, I think paid membership would not bode well for most members but I agree on many of us volunteering and chipping in, maybe Wikipedia style fundraiser to implement TLS, upgrade server plus any software update costs (if there are any).


You could make it voluntary as opposed to mandatory. People who see value, will be able to contribute financially on a membership basis. I like to support those that help me and since I’m pretty much a flashlight n00b, I can’t offer much to the community in terms of knowledge but I could contribute financially.

Those members that contribute with their knowledge and advice are doing so much to help people like me so they shouldn’t have to contribute financially.

At Bladeforums.com, only a “Gold” membership ($30 a year) is required to be able to sell on their exchange and have a 100 message PM mailbox but I chose “Platinum” to show my appreciation to the hosts.

I would gladly do the same here if it was an option.

manithree

Well, according to arin.net 170.75.162.59 belongs to Luna Node, and Luna Node offers free SSL/TLS termination with letsencrypt on their load balancers for any plan that’s > $3/month.

The last time I looked it up, I’m pretty sure that wasn’t the case, so maybe Luna has improved their service, and now is the time to step up to TLS. Or, it’s possible there’s a mistake in my amateur sleuthing.

Still have the issue with mixed http/https with all the images, though.

Joshk
manithree wrote:
Still have the issue with mixed http/https with all the images, though.

Mixed http/https doesn’t break a site, and would be far better than none, but that’s not how I recommend starting.
I propose starting by just making the Messages page link https by default. You don’t need to make TLS mandatory after you install it, technically the user could tweak the address bar at any time and switch between the two.

Watermanchris
Joshk wrote:
manithree wrote:
Still have the issue with mixed http/https with all the images, though.

Mixed http/https doesn’t break a site, and would be far better than none, but that’s not how I recommend starting.
I propose starting by just making the Messages page link https by default. You don’t need to make TLS mandatory after you install it, technically the user could tweak the address bar at any time and switch between the two.

I agree with this as a way to get started but would there be a way to make sure a message started with TLS, stays TLS between participants?

Joshk

Yes, after a week or so of giving users the choice to test it, it would be super easy to edit the Apache/Nginx config to force https on just the messages pages, but not the rest of the site.
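
The Nginx variant of what is described above, as an added example that is not part of the thread and not the site's actual configuration. The host name `forum.example`, the `/messages` path prefix, the certificate paths and the backend address are placeholders.

```nginx
# Added example. forum.example, /messages, the certificate paths and the
# backend address 127.0.0.1:8080 are placeholders, not taken from the site.

# Plain-HTTP listener: the rest of the site is served as before, but any
# request for the private-message pages is redirected to HTTPS.
server {
    listen 80;
    server_name forum.example;

    # Prefix match: covers /messages, /messages/new, /messages/view/123, ...
    location /messages {
        return 301 https://$host$request_uri;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}

# HTTPS listener: serves the whole site, so users can also browse
# everything else over TLS if they choose to.
server {
    listen 443 ssl;
    server_name forum.example;

    ssl_certificate     /etc/letsencrypt/live/forum.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/forum.example/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Lets the application know the original request arrived over TLS,
        # so it can generate https:// links and form targets.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With only the messages pages forced to HTTPS, the login session cookie is still sent in the clear whenever the user loads a plain-HTTP page, so this protects message content in transit but not the session itself. The message form must also submit to an `https://` URL, because a redirect only happens after the plain-HTTP request has already been sent.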