Https recently broken on site?

[carangil]

I know for a long time, this site had no https support. Somewhat recently, you could put https:// in the browser, and this site would work, just some some browser warnings about some of the content not be encrytped, that's fine. I mostly just care about PASSWORD, I don't care about someone spying on me add seeing I like old computers; big secret. However, lately I can't even login thru https... the site redirects immediately to http, and I'm not sure about passwords and such. I don't know if this site changed something, something broke, or the new version of Chrome is just super extra paranoid about mixing https and http on the same page.

Also, sorry, I'm not sure if this is the right section. I thought there was a section just for site suggestions/problems, etc, but I don't see it anymore? Or maybe I've got my memory confused with that other old computer page.

 

[Stone]

Have a look here:

http://www.vcfed.org/forum/showthread.php?62134-PM-database-error

It might be somehow relevant.

 

[carangil]

Oh, I didn't notice that. Hope it all gets fixed up soon.

 

[SomeGuy]

I just hope they never force full HTTPS usage here. HTTPS can break on any browser more than five minutes old, and it is nice being able to access this site from Win9x.

 

[Caluser2000]

I just hope they never force full HTTPS usage here. HTTPS can break on any browser more than five minutes old, and it is nice being able to access this site from Win9x.

Indeed or older browsers on old*nix
I wonder what the oldest browser to visit here is?

 

[KC9UDX]

I use IBrowse 2.1 on occasion, but I don't expect that's the oldest.

 

[retro-pc_user]

HTTPS never worked for me on any of my systems, including my smartphone and tablet. I have to check and see if it works in Windows 98SE with FireFox 2.0.0.20 and Windows 95C with IE 4.0 with Active Desktop.

 

[SomeGuy]

At least the versions of Firefox and Seamonkey posted here should work on 9x for some HTTPS sites (no idea about vcfed.org, especially if is broken now): http://toastytech.com/files/95browsing.html

That is what I am using on 9x, although many HTTPS sites are crapping out these days.

One of these days I need to figure out exactly what the configuration difference is in those sites. My best guess is rather than picking an existing encryption method from those available that works fine, like a site is supposed to do, they enforce one that they believe is "best", but not available.

 

[kgober]

More likely, the site has either stopped allowing weak ciphers that are easily broken on modern processors (e.g. DES, RC4), or they have stopped allowing broken protocols that have security vulnerabilities (e.g. SSLv2, SSLv3). Probably ciphers.

 

[SomeGuy]

Sometime in the last few days the old Slashdot.org site joined the club of breaking HTTPS compatiblity with older browsers. Although that site had turned in to an HTML 5 disaster area a long time ago.

 

[ClassicHasClass]

It's probably TLSv1.2 being required as a minimum. That's started biting Power Macs recently too.