On 06/18/2016 05:39 AM, Stephen J. Turnbull wrote:
> The rest of mailman version 2.1.22
> is working fine with SSL and some rewriting by nginx and yet
> https://cibolo.us/mailman/admindb/open_electroporator gives a message
> "will be sent over an insecure connection" when I seta button to
> discard and then do the submit all data button.
Do you have a proper certificate for the host, rooted in a well-known
service? I suppose you do, but it's the first thing to check.
it is from letsencrypt.org
The
second is whether that root service is listed in your browser's list
of trusted roots.
It works fine for my webpages I set up such as
http://cibolo.us/mailman/listinfo/open_electroporator that URl is rewritten
and permenanetly directed to below:
https://cibolo.us/mailman/listinfo/open_electroporator
Third, is this actually SSL and not TLS? SSL is in fact considered
insecure by many experts; many libraries implementing these protocols
now refuse to use SSL (even v3), and some issue a warning if the
server forces it.
I suppose it is TLS. I followed very recent guides to set it up.
Yes, as far as behind nginx it is TLS:
# SSL Settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_certificate /etc/ssl/xxxxxxxxxxxxxxxxxxx;
ssl_certificate_key /etc/ssl/xxxxxxxxxxxxxxxxxx;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/private/dhparam2048.pem;
Only admin of pending moderation is affected.
Maybe I have an operator error -- I'll check for setting the moderator name and
password -- it may be blank or
from an older version of mailman that this installation was migrated from...
fix_url has been run on the affected list. That was after some restoring of
data dirs and
there could be permissions problems...so maybe I still need to run fix_url
again...
Thanks for the suggestions.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org