Some sections in this forum are not fully encrypted

[yongsua 16]

Hi, I have realized some pages of this forum are not fully encrypted, as the picture shown below.

 

 

Sorry if I annoy anyone here, but I just do not want ESET later to have similar issue  like Avast! forum and Malwarebytes forum that were exploited. How ironic was that 

Edited March 2, 2015 by yongsua

[Marcos 5,074]

This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only.

[yongsua 16]

This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only.

 

Oh I see. Thanks...

[rugk 397]

Not directly links but things included.

I think I already reported this issue with mixed content. And I think the reason was mostly because of Twitter profile pictures from users who linked there account to Twitter.

Why do you want to remove HTTPS support? That's strange. If you already have it and already have to pay for the certificate just leave it there.

[rugk 397]

Now I found the thread: Forum specific: Mixed content

You can also see that the source of this issues are the Twitter pictures, because not on every forum site appears this issue.

 

So this issue is already known some months. @Marcos said they "have been considering possible solutions".

But I never would have thought that this "solution" would be to remove the SSL/TLS encryption...

The best, simplest (and maybe the only) solution is to adjust the Twitter integration in a way that it doesn't call hxxp://twimg.com/..., but https://twimg.com/...!

 

And BTW if we're already talking about the TLS/SSL security of this forum, then please use SHA-2 for your next certificate and deactivate SSL v3. It would also be a nice idea to activate the support for TLS v 1.2.

Edited March 16, 2015 by rugk