четверг, 5 сентября 2013 г. в 7:33, Daniel DeLeo написал:
Hey guys, thanks for bringing this up. Everything should be on SSL now. Please let us know if you get mixed content warnings or anything like that, there could be image URLs or whatever hidden deep in the Jira config we didn't find.Thanks to Joshua and Paul for busting this out.--Daniel DeLeoOn Tuesday, September 3, 2013 at 1:49 AM, Anton Baranov wrote:
I could approve this error. When i login on tickets.opscode.com, i still exist on HTTP-version of site. Your Jira didn't redirect me to https-site after successful login.--With best regards, Anton Baranov.вторник, 3 сентября 2013 г. в 11:43, Scott M. Likens написал:
What's worse is it does support SSL, but redirects back to HTTP.
* About to connect() to tickets.opscode.com port 443 (#0)
* Trying 184.106.28.82...
* connected
* Connected to tickets.opscode.com (184.106.28.82) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
* subject: C=US; ST=Washington; L=Seattle; O=Opscode, Inc; CN=*.opscode.com
* start date: 2013-04-12 00:00:00 GMT
* expire date: 2014-06-16 12:00:00 GMT
* subjectAltName: tickets.opscode.com matched
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Secure Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8x zlib/1.2.5
> Host: tickets.opscode.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: ngx_openresty
< Date: Tue, 03 Sep 2013 02:42:27 GMT
< Content-Type: text/html;charset=UTF-8
< Content-Length: 0
< Connection: keep-alive
< X-AREQUESTID: 162x1785459x1
< Set-Cookie: atlassian.xsrf.token=A2WE-4IXS-SD1Z-PGER|2feda24d811bcd770b5bfd628451f375ab610515|lout; Path=/
< X-AUSERNAME: anonymous
< X-Content-Type-Options: nosniff
< Set-Cookie: JSESSIONID=04180BA21DFE150C2E15D4AB113142D8; Path=/; HttpOnly
< Location: http://tickets.opscode.com/secure/MyJiraHome.jspa
On 9/2/13 7:17 PM, Ketan Padegaonkar wrote:
!DSPAM:522546ed26481348188260!Ohai,
It's weird to see that tickets.opscode.com is not running on SSL. Submitting a password over plain text seems so 2010. Is there any future plans to move this over to SSL?
Thanks!
- Ketan
Archive powered by MHonArc 2.6.16.