Misc #13525
closed
Expand HTTPS to lists.ruby-lang.org
Description
Hi ruby-lang.org admins,
while managing the new ruby-de list I noticed that lists.ruby-lang.org is not reachable via HTTPS properly. If one tries, the browser first displays a TLS certificate domain mismatch warning, and after dismissing that one, the web server returns a 404 error e.g. for https://lists.ruby-lang.org/cgi-bin/mailman/admin/ruby-de. This is unfortunate, because browsers start to complain about logins on non-HTTPS websites. The list admin interfaces like the one on http://lists.ruby-lang.org/cgi-bin/mailman/admin/ruby-de use login forms, so making them reachable via HTTPS would be a good idea.
Please fix this once you get around to it. It's not a pressing issue, but it should be resolved before browsers start actively rejecting logins on unencrypted sites (and it's better for passwords to be sent over TLS anyway).
Greetings
Marvin
Updated by hsbt (Hiroshi SHIBATA) over 7 years ago
- Status changed from Open to Assigned
Updated by hsbt (Hiroshi SHIBATA) over 7 years ago
I enabled HTTPS of lists.ruby-lang.org
https://lists.ruby-lang.org/cgi-bin/mailman/admin/ruby-de
Can you confirm that behavior?
Updated by Quintus (Marvin Gülker) over 7 years ago
I can confirm that the site is now reachable via HTTPS as well. Firefox now accepts the login field without a warning.
Thank you again!
Marvin
Updated by Quintus (Marvin Gülker) over 7 years ago
Just entering https://lists.ruby-lang.org as URL however redirects to the non-HTTPS version. I don't know whether this is expected behaviour, but I just wanted to let you know. Using https://lists.ruby-lang.org/cgi-bin/mailman/listinfo directly works flawlessly.
Marvin
Updated by hsbt (Hiroshi SHIBATA) over 7 years ago
- Status changed from Assigned to Closed
Thank you for your confirming.
I enforced https on all of lists.ruby-lang.org.
If you faced some issue, Please reopen or submit issue ticket.