Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Yes ! https://www.cloudflare.com/
*I think he means without paying for SSL certificate* -
C0D4669027yWait a minute,
Can’t afford ssl, I’d hate to see the Security measures for data then 😳 -
@TheBeege this is the perfect example of appearing to be secure... Like it's free it has to be reliable...
-
xorith26767y@Dollique Are you saying that LetsEncrypt isn't secure or reliable? If so, could you provide some sources? I'm curious as it's used in a few areas I touch.
Looking for links to research and such. -
How about only encrypting with RC4.
Or use your own Apache that is suseptible to Heartbleed or OPTION-Bleed.
I guess Bash had a bug too to which you could downgrade. And include a kernel with CoWRoot. -
@LinusCDE when you're done create a github repository with all your root passwords. I mean, it's github, it's not like anyone is going to follow any of your repos anyway
-
bahua128017yI want enormous functionality, and you're going to do it for free, because I think you are desperate for exposure.
-
@xorith @datawraith
I support FOSS but one should be aware of the limitations it can have.
Here is an explanation about some problems of let'sencrypt: https://scotthelme.co.uk/lets-encry... -
Hitman6577y@Dollique so, according to the article in the link, it enables bad guys using Lets Encrypt for their phising websites.
In your comment you insinuated that using the certificate for your website doesn't mean that your is secure, but that's nonsense. Your own website uses https, but you can't trust the integrity of other websites by their certificate anymore. -
@Devvy I don't understand? My website? What I understand is that not every website is equally secure and that there are some things missing in the free alternatives like (CA cert). But this is just something I read and not something I can judge.
-
xorith26767y@Dollique The article indicates that bad actors may use LE to legitimize their websites. It also provided a nice point as to why that's ok and how we need to solve that issue in another way.
It does not indicate that LE is any less secure or reliable as your comment would seem to indicate.
At the end of the day, use LetsEncrypt and stop the proliferation of insecure HTTP. -
@xorith @Artemix Thanks for the explanation. I had in mind that some years ago there were some people claiming that free SSL should be avoided but maybe this changed.
I have one question though, why should one use paid SSL if the free ones are as secure? -
C0D4669027y@Dollique
When you want a SSL cert that is OV (organisation verified), these are the ones where the company name is on SSL icon in the browser (like paypal, eBay, etc).
The OV certs offer you the piece of mind that your on the website you think you’re on and not a phishing alternative with a very close domain name.
Or if you run several sub domains that you want to use a single SSL certificate for you need to purchase a wildcard as LetsEncrypt doesn’t support those (yet) -
C0D4669027y@Artemix
That’s why I said “yet”
I believe that’s for January, which will be great for a couple of sites I maintain.
But I’m sure the explosion of phishing sites will grow a bit quicker only having a single SSL cert to deal with. -
@Dollique if you'd like some detailed information on certificates, free and otherwise, I suggest you read what Troy Hunt has to say on this subject: https://troyhunt.com/on-the-perceiv...
Let's Encrypt is a free service that gives certificates just as good as, say, Comodo DV certificates. Comodo and its like are terrified of that, because they don't and can't add any value (other than EV certificates).
You know how when you use heroku, or cloudflare, or firebase on a custom domain. You still get SSL support? They use Let's Encrypt. They've issued more than 100,000,000 certificates already. They support the newest standards of openness.
In my opinion, once they support wildcards, unless you really need greenbar there'd be no reason to use any other certificate provider. -
@C0D4 LE nicht nur support wildcard, but at least got can register as many sub-/domains as you want and also add/remove them from an existing certificate.
I'm usually using 1 certificate per root domain. -
edensg7767yIt's definitely possible! Most browsers are open source, just download the source, update the strings you want to update, and compile!
-
KapL157yYou can always make a self-signed certificate, that Will do it for you.
Cons: it'll be red, there Will be a line through and if you hover over it, it Will say it is self-signed.
Pros: it works for School projects, it works for scamming non-it savvy people.
GL my friend! -
@Artemix doesn't letsencrypt require you to have a valid icann domain ?
I have a self signed wildcard cert for my entire *.dev TLD, something LE wouldn't let me do because the domains are ofcourse non existent.
PS I assume he meant scamming friends as in 'add a record to their hosts file.'
Related Rants
client: i want to make an e-commerce site.
.
.
developer: how much are you willing to spend?
client: i'm on a tight budget, as cheap/low as possible.
.
.
web development on a budget y'all :------)
undefined
budget
stackoverflow
webdev