yongsua 16 Posted March 2, 2015 Share Posted March 2, 2015 (edited) Hi, I have realized some pages of this forum are not fully encrypted, as the picture shown below. Sorry if I annoy anyone here, but I just do not want ESET later to have similar issue like Avast! forum and Malwarebytes forum that were exploited. How ironic was that Edited March 2, 2015 by yongsua Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted March 2, 2015 Administrators Share Posted March 2, 2015 This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only. Link to comment Share on other sites More sharing options...
yongsua 16 Posted March 2, 2015 Author Share Posted March 2, 2015 This is just a forum where posts may contain links to other unsecured websites, hence the warning. In the future, we'll probably remove https support and keep it for login only. Oh I see. Thanks... Link to comment Share on other sites More sharing options...
rugk 397 Posted March 3, 2015 Share Posted March 3, 2015 Not directly links but things included. I think I already reported this issue with mixed content. And I think the reason was mostly because of Twitter profile pictures from users who linked there account to Twitter. Why do you want to remove HTTPS support? That's strange. If you already have it and already have to pay for the certificate just leave it there. Link to comment Share on other sites More sharing options...
rugk 397 Posted March 4, 2015 Share Posted March 4, 2015 (edited) Now I found the thread: Forum specific: Mixed content You can also see that the source of this issues are the Twitter pictures, because not on every forum site appears this issue. So this issue is already known some months. @Marcos said they "have been considering possible solutions". But I never would have thought that this "solution" would be to remove the SSL/TLS encryption... The best, simplest (and maybe the only) solution is to adjust the Twitter integration in a way that it doesn't call hxxp://twimg.com/..., but https://twimg.com/...! And BTW if we're already talking about the TLS/SSL security of this forum, then please use SHA-2 for your next certificate and deactivate SSL v3. It would also be a nice idea to activate the support for TLS v 1.2. Edited March 16, 2015 by rugk Link to comment Share on other sites More sharing options...
Recommended Posts