Page 1 of 1

[DONE] Could we have SSL/HTTPS support?

PostPosted: 26 May 2012, 18:08
by tomreyn
Thanks for hosting these forums. Is there a chance you could add HTTPS/SSL support? It feels somewhat pointless to have to login if there's no secure transfer, and people who reuse their passwords from other websites are very much risking to leak them. A CACert signed or even self-signed certificate is better than no SSL support to me. And then there is StartSSL which signs single-domain certificates for free (but charges for revocation).

Re: Could we have SSL/HTTPS support?

PostPosted: 26 May 2012, 21:32
by charlie
Sounds a bit OTT; is there a [greater than one user] demand for this?

Re: Could we have SSL/HTTPS support?

PostPosted: 26 May 2012, 21:53
by tomreyn
Huh, account security being over the top? That's more like fundamental to me.

Re: Could we have SSL/HTTPS support?

PostPosted: 26 May 2012, 22:18
by Julius
Don't reuse your online-banking password for gaming forum website ;) Login is so that there is a name next to your post.

Sure, it would be nice to have a more secure setup... but IMHO it is not worth the effort, and you shouldn't be using an important password here anyways.

Re: Could we have SSL/HTTPS support?

PostPosted: 27 May 2012, 00:25
by qubodup
It would be nice but I have 0 knowledge about https and it'd all depend on whether our host admins ghoul and hagish would have any time to spend on this issue. :)

Re: Could we have SSL/HTTPS support?

PostPosted: 19 Sep 2012, 17:50
by ghoulsblade
*kinda thread necro but i stumbled on it and feel like venting some steam regarding https*
love2d has self-signed https i think, the result is me seeing that white+yellow untrusted site warning on some win comps even with firefox, which doesn't even offer the option to store the exception permanently.
Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.
I'd think users that are so carefree to reuse valuable passwords on a non-https site would also just click ok for the certificate warning they'd get during a man-in-the-middle attack, so i don't even see the security benefit.

Re: Could we have SSL/HTTPS support?

PostPosted: 19 Sep 2012, 19:06
by sireus
ghoulsblade {l Wrote}:love2d has self-signed https i think

It's signed by comodo, which might be blacklisted after the 2011 security breach though.

ghoulsblade {l Wrote}:even with firefox, which doesn't even offer the option to store the exception permanently.

Huh? Right at the bottom of the dialogue, there's a checkbox "Permanently store this exception". It's even checked by default.

ghoulsblade {l Wrote}:Frankly horrible for users, no matter the tech reason. Not self-signed https costs considerable money afaik.

Depends on what you call considerable. I think some are available for about 50 € p.a. The problem is that those are only valid for one domain, so if you have subdomains (like this site does), it does get quite expensive.

Re: Could we have SSL/HTTPS support?

PostPosted: 19 Sep 2012, 21:36
by Evropi
There's no point. Signatures are expensive and they have problems of their own anyway... everything is fine as it is.

I'm pretty sure the OP is trying to circumvent educational/workplace restrictions.

Re: Could we have SSL/HTTPS support?

PostPosted: 19 Sep 2012, 22:23
by ghoulsblade
"Permanently store this exception": it's there, but grayed out. I just checked, still that way in win7 64bit, firefox 15.0.1 .
The text says something about invalid certificate, something about the issuer being wrong.
So maybe it's not just non-verified but also somehow messed up.
Ubuntu 11.04 64bit Firefox 15.0.1 has no problem with it interestingly.
50€ per year per subdomain seems quite expensive i'd say.
A pity the self-signed things produce such a shocking feedback to non-techy users.
It would be tempting to have an encrypted connection for the sake of technology and being geeky, but i wouldn't accept even a one-time browser-alert or significant cost for it. Would feel broken if warning, and would feel non-free if payed. Meh, just rambling, never mind =)

Re: [REJECTED] Could we have SSL/HTTPS support?

PostPosted: 02 Jul 2013, 15:37
by alexander
I really wish it had HTTPS. it is inconvenient for me to have to route my traffic differently in fear of man-in-the-middle-attacks when logging into freegamedev. I'm honestly baffled that this is even an issue. I don't know any other sites I use on a monthly (probably yearly) basis that do not have HTTPS login.

Re: [REJECTED] Could we have SSL/HTTPS support?

PostPosted: 18 Mar 2017, 13:23
by Tobbi
With https://letsencrypt.org/, you should give this some further consideration.

Re: [REJECTED] Could we have SSL/HTTPS support?

PostPosted: 18 Mar 2017, 14:19
by Lyberta
Yes, I use it on all of my websites and 100% of the content is served via HTTPS.

Re: [REJECTED] Could we have SSL/HTTPS support?

PostPosted: 19 Mar 2017, 14:25
by hagish
With the server migration we will most likely have letsencrypt ssl vertificates.

Re: [DONE] Could we have SSL/HTTPS support?

PostPosted: 19 Apr 2017, 06:37
by Julius
With the new https support the youtube embedding broke as it tries to embed them in http only.