Ohai,
It’s weird to see that tickets.opscode.com is not running on SSL.
Submitting a password over plain text seems so 2010. Is there any future
plans to move this over to SSL?
Thanks!
- Ketan
Ohai,
It’s weird to see that tickets.opscode.com is not running on SSL.
Submitting a password over plain text seems so 2010. Is there any future
plans to move this over to SSL?
Thanks!
It appears to just be a mis-configuration - the server does have an SSL
certificate: https://tickets.opscode.com/login.jsp
https://tickets.opscode.com/login.jsp
Matt Moretti
On Mon, Sep 2, 2013 at 10:17 PM, Ketan Padegaonkar <
ketanpadegaonkar@gmail.com> wrote:
Ohai,
It's weird to see that tickets.opscode.com is not running on SSL.
Submitting a password over plain text seems so 2010. Is there any future
plans to move this over to SSL?Thanks!
- Ketan
What's worse is it does support SSL, but redirects back to HTTP.
subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc;
CN=*.opscode.com
start date: 2013-04-12 00:00:00 GMT
expire date: 2014-06-16 12:00:00 GMT
subjectAltName: tickets.opscode.com matched
issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
SSL certificate verify ok.
GET / HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0
OpenSSL/0.9.8x zlib/1.2.5
Host: tickets.opscode.com
Accept: /
< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie:
atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout;
Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspa
On 9/2/13 7:17 PM, Ketan Padegaonkar wrote:
Ohai,
It's weird to see that tickets.opscode.com
http://tickets.opscode.com is not running on SSL. Submitting a
password over plain text seems so 2010. Is there any future plans to
move this over to SSL?Thanks!
- Ketan
!DSPAM:522546ed26481348188260!
I could approve this error. When i login on tickets.opscode.com, i still exist on HTTP-version of site. Your Jira didn't redirect me to https-site after successful login.
--
With best regards, Anton Baranov.
вторник, 3 сентября 2013 г. в 11:43, Scott M. Likens написал:
What's worse is it does support SSL, but redirects back to HTTP.
- About to connect() to tickets.opscode.com (http://tickets.opscode.com) port 443 (#0)
- Trying 184.106.28.82...
- connected
- Connected to tickets.opscode.com (http://tickets.opscode.com) (184.106.28.82) port 443 (#0)
- SSLv3, TLS handshake, Client hello (1):
- SSLv3, TLS handshake, Server hello (2):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS handshake, Server finished (14):
- SSLv3, TLS handshake, Client key exchange (16):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSLv3, TLS change cipher, Client hello (1):
- SSLv3, TLS handshake, Finished (20):
- SSL connection using AES256-SHA
- Server certificate:
subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc; CN=*.opscode.com (http://opscode.com)
start date: 2013-04-12 00:00:00 GMT
expire date: 2014-06-16 12:00:00 GMT
subjectAltName: tickets.opscode.com (http://tickets.opscode.com) matched
issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
SSL certificate verify ok.
GET / HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
Host: tickets.opscode.com (http://tickets.opscode.com)
Accept: /< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie: atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout; Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspaOn 9/2/13 7:17 PM, Ketan Padegaonkar wrote:
Ohai,
It's weird to see that tickets.opscode.com (http://tickets.opscode.com) is not running on SSL. Submitting a password over plain text seems so 2010. Is there any future plans to move this over to SSL?
Thanks!
- Ketan
!DSPAM:522546ed26481348188260!