chef - [chef] Re: Re: Re: SSL on tickets.opscode.com?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: SSL on tickets.opscode.com?

From: Daniel DeLeo < >
To:
Subject: [chef] Re: Re: Re: SSL on tickets.opscode.com?
Date: Wed, 4 Sep 2013 15:33:41 -0700

Hey guys, thanks for bringing this up. Everything should be on SSL now. Please let us know if you get mixed content warnings or anything like that, there could be image URLs or whatever hidden deep in the Jira config we didn't find.

Thanks to Joshua and Paul for busting this out.

Daniel DeLeo

On Tuesday, September 3, 2013 at 1:49 AM, Anton Baranov wrote:

I could approve this error. When i login on tickets.opscode.com, i still exist on HTTP-version of site. Your Jira didn't redirect me to https-site after successful login.

--
With best regards, Anton Baranov.

вторник, 3 сентября 2013 г. в 11:43, Scott M. Likens написал:

What's worse is it does support SSL, but redirects back to HTTP.

* About to connect() to tickets.opscode.com port 443 (#0)
*   Trying 184.106.28.82...
* connected
* Connected to tickets.opscode.com (184.106.28.82) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*     subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc; CN=*.opscode.com
*     start date: 2013-04-12 00:00:00 GMT
*     expire date: 2014-06-16 12:00:00 GMT
*     subjectAltName: tickets.opscode.com matched
*     issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
*     SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: tickets.opscode.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie: atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout; Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspa

On 9/2/13 7:17 PM, Ketan Padegaonkar wrote:

Ohai,

It's weird to see that tickets.opscode.com is not running on SSL. Submitting a password over plain text seems so 2010. Is there any future plans to move this over to SSL?

Thanks!

- Ketan

!DSPAM:522546ed26481348188260!

[chef] SSL on tickets.opscode.com?, Ketan Padegaonkar, 09/02/2013
- [chef] Re: SSL on tickets.opscode.com?, Matthew Moretti, 09/02/2013
- [chef] Re: SSL on tickets.opscode.com?, Scott M. Likens, 09/02/2013
  - [chef] Re: Re: SSL on tickets.opscode.com?, Anton Baranov, 09/03/2013
    - [chef] Re: Re: Re: SSL on tickets.opscode.com?, Daniel DeLeo, 09/04/2013
      - [chef] Re: Re: Re: Re: SSL on tickets.opscode.com?, Anton Baranov, 09/04/2013