T O P I C R E V I E W |
Aaron Cake |
Posted - Jul 05 2020 : 10:37:12 AM Users of some browsers may have noticed that even though this website was being accessed by HTTPS, the browser still reported it as "Not Secure" (thanks Chrome!). Though the certificate is valid, the site is hosted on IIS6 running on Server 2003 (if it ain't broke, don't change it) which does not support TLS 1.2 that Google decided is the only secure version. Thus they've deprecated TLS 1.0/1.1 and started showing warnings in the address bar, which later this year would turn into a full browser red screen advising the user of the "danger" of visiting the site. So to prevent this, I've placed the site behind an nginx reverse proxy which is capable of negotiating TLS 1.2 on Server 2003. And I've also configured it to redirect all HTTP URLs to HTTPS, enforcing HTTPS across the entire site (as is the style nowadays). So any old links, bookmarks or hand typed access to the site will now be secure. At least until Google decides to arbitrarily force another decision across the entire Web via browser monopoly. Everything should work as before, but if there are any issues, please let me know. |
|
|