[chef] Re: Re: SSL on tickets.opscode.com?


Chronological Thread 
  • From: Anton Baranov < >
  • To:
  • Subject: [chef] Re: Re: SSL on tickets.opscode.com?
  • Date: Tue, 3 Sep 2013 17:49:10 +0900

I could approve this error. When i login on tickets.opscode.com, i still exist on HTTP-version of site. Your Jira didn't redirect me to https-site after successful login.

-- 
With best regards, Anton Baranov.

вторник, 3 сентября 2013 г. в 11:43, Scott M. Likens написал:

What's worse is it does support SSL, but redirects back to HTTP.

* About to connect() to tickets.opscode.com port 443 (#0)
*   Trying 184.106.28.82...
* connected
* Connected to tickets.opscode.com (184.106.28.82) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*      subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc; CN=*.opscode.com
*      start date: 2013-04-12 00:00:00 GMT
*      expire date: 2014-06-16 12:00:00 GMT
*      subjectAltName: tickets.opscode.com matched
*      issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
*      SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: tickets.opscode.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie: atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout; Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspa



On 9/2/13 7:17 PM, Ketan Padegaonkar wrote:
Ohai,

It's weird to see that tickets.opscode.com is not running on SSL. Submitting a password over plain text seems so 2010. Is there any future plans to move this over to SSL?

Thanks!

- Ketan

!DSPAM:522546ed26481348188260!





Archive powered by MHonArc 2.6.16.

§