Secure all the things!

Today is a good day. A few hours ago, Let's Encrypt went from closed beta to public beta, allowing us (and everyone else) to get a free SSL certificate.

That means you can now access redstoner.com via encrypted HTTPS instead of plain text HTTP!

Although Redstoner may not be the most intimate website, there are still many reasons why encryption is important. Those include protecting your privacy and protecting you from hacking, censoring, or theft attacks. Did you know anyone can take over your website accounts via HTTP on a public WiFi? Of course, global surveillance is also a reason – either directly or indirectly. Anyway, you can now log in (and browse) securely!

A+ Grade Security

Qualys screenshot Redstoner

See the results here.

Compare that to Google:

Qualys screenshot Google

Why am I logged out?

Sorry for that, I had to kick everyone out to make sure your insecure sessions are no longer valid. Otherwise there was a chance your website account could still be taken over. That's not going to happen again, however.

Redirect to HTTPS

From now on, any attempts to connect to Redstoner via HTTP will be redirected to HTTPS, so you don't have to do anything.
We're also redirecting from subdomains (such as www.redstoner.com) to redstoner.com to keep things simple.

HSTS

We're also using HTTP Strict Transport Security so your browser will remember that redirection. It will automatically switch to HTTPS even before it tries to connect to Redstoner.com.

OCSP stapling

Yet another fancy term: OCSP stands for Online Certificate Status Protocol. It allows us to revoke a (possibly updated, insecure, or compromised) certificate and adds an additional layer of security.

Subresource Integrity

We're also making use of Subresource Integrity which protects you from a compromised CDN (a website that hosts some JavaScript code for us) by comparing a checksum specified by Redstoner.com with the actual checksum of the requested JavaScript file.
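
The checksum comparison described above, as an added Python example that is not Redstoner's own code: it builds an `integrity` value for a script and makes the accept/reject decision a browser would. The sample script bytes are constructed and the function names are illustrative.

```python
import base64
import hashlib

# Hash algorithms SRI accepts, weakest first.
ALGORITHMS = ["sha256", "sha384", "sha512"]


def digest_b64(algorithm, body):
    """Base64 of the raw digest, the encoding used inside integrity values."""
    return base64.b64encode(hashlib.new(algorithm, body).digest()).decode("ascii")


def sri_value(body, algorithm="sha384"):
    """Build the value a site would put in integrity="..." for this file."""
    return f"{algorithm}-{digest_b64(algorithm, body)}"


def parse_integrity(attribute):
    """Group the whitespace-separated hashes by algorithm, skipping unknown ones."""
    by_algorithm = {}
    for token in attribute.split():
        algorithm, sep, rest = token.partition("-")
        if not sep or algorithm not in ALGORITHMS:
            continue  # browsers ignore entries they do not understand
        by_algorithm.setdefault(algorithm, set()).add(rest.split("?", 1)[0])
    return by_algorithm


def verify(body, attribute):
    """Return True if the file may run, mirroring the browser's decision."""
    parsed = parse_integrity(attribute)
    if not parsed:
        return True  # no usable hash in the attribute: nothing is enforced
    strongest = max(parsed, key=ALGORITHMS.index)  # only the strongest counts
    return digest_b64(strongest, body) in parsed[strongest]


# Constructed sample: the script as published, and a copy altered on the CDN.
ORIGINAL = b"console.log('hello from the CDN');\n"
TAMPERED = ORIGINAL + b"/* modified by someone else */\n"
PINNED = sri_value(ORIGINAL)

if __name__ == "__main__":
    print(PINNED)
    print("original accepted:", verify(ORIGINAL, PINNED))
    print("tampered accepted:", verify(TAMPERED, PINNED))
```

An `integrity` attribute that lists only algorithms the browser does not recognise is treated as if it were absent, so the pinned value should use one of the three listed.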

Partial encryption & Images

On some pages, your browser might warn you about 'Mixed Content'. It might be displayed as a lock with a warning icon:
Mixed Content

It simply means redstoner.com is fully loaded via HTTPS but some images in the forum were loaded via HTTP.

That's something we can hardly fix, but you can help by embedding images with a https://imgur.com/… or https://puu.sh/… link.

Old devices

Please note that some really old devices or browsers might not be able to access the site anymore. They have serious security flaws and should not be used anymore. Upgrade your browser, if possible.


I'll try to answer any questions in the comments below.

3 comments.

Thank you :D GG Jomo. You always come out on top lel

Hey @LogalGamer your email was invalidated because the server failed to send you anything to the address for several days. However that was not related to this change.

I just noticed the https/80 links as well.

Email link workaround

You need to remove :80 from links in email addresses.

Sorry for that everyone. I'll fix it later today.
