Re: [Mailman-Users] moderator page behind nginx with SSL

Tue, 21 Jun 2016 09:10:13 -0700 

On 06/18/2016 05:39 AM, Stephen J. Turnbull wrote:

 > The rest of mailman version 2.1.22
 > is working fine with SSL and some rewriting by nginx and yet
 > https://cibolo.us/mailman/admindb/open_electroporator  gives a message
 > "will be sent over an insecure connection" when I seta button to
 > discard and then do the submit all data button.

Do you have a proper certificate for the host, rooted in a well-known
service?  I suppose you do, but it's the first thing to check.


it is from letsencrypt.org

The

second is whether that root service is listed in your browser's list
of trusted roots.


It works fine for my webpages I set up such as
http://cibolo.us/mailman/listinfo/open_electroporator  that URl is rewritten 
and permenanetly directed to below:
https://cibolo.us/mailman/listinfo/open_electroporator



Third, is this actually SSL and not TLS?  SSL is in fact considered
insecure by many experts; many libraries implementing these protocols
now refuse to use SSL (even v3), and some issue a warning if the
server forces it.


I suppose it is TLS.  I followed very recent guides to set it up.

Yes, as far as behind nginx it is TLS:

 # SSL Settings

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_certificate /etc/ssl/xxxxxxxxxxxxxxxxxxx;
        ssl_certificate_key /etc/ssl/xxxxxxxxxxxxxxxxxx;
        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam /etc/ssl/private/dhparam2048.pem;

Only admin of pending moderation is affected.
Maybe I have an operator error -- I'll check for setting the moderator name and 
password -- it may be blank or
from an older version of mailman  that this installation was migrated from...
fix_url has been run on the affected list.  That was after some restoring of 
data dirs and
there could be permissions problems...so maybe I still need to run fix_url 
again...

Thanks for the suggestions.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to