вторник, 3 сентября 2013 г. в 11:43, Scott M. Likens написал:
What's worse is it does support SSL, but redirects back to HTTP.
* About to connect() to tickets.opscode.com port 443 (#0)
* Trying 184.106.28.82...
* connected
* Connected to tickets.opscode.com (184.106.28.82) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc; CN=*.opscode.com
* start date: 2013-04-12 00:00:00 GMT
* expire date: 2014-06-16 12:00:00 GMT
* subjectAltName: tickets.opscode.com matched
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: tickets.opscode.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie: atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout; Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspa
On 9/2/13 7:17 PM, Ketan Padegaonkar wrote:
!DSPAM:522546ed26481348188260!Ohai,
It's weird to see that tickets.opscode.com is not running on SSL. Submitting a password over plain text seems so 2010. Is there any future plans to move this over to SSL?
Thanks!
- Ketan
Archive powered by MHonArc 2.6.16.