Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Yes, you read that correctly. During the monthly maintenance window on June 1st SSL mode will be enforced. For most of you this won’t be an issue. If you’re using an older OS with an older browser you will get an error message due to your browser not properly understanding the necessary protocols. You will need to switch to a browser that will work with them (the most recently supported versions of FF on all supported platforms definitely work, FYI). If you can’t switch to a compatible browser you can click through the SSL warning. I would recommend upgrading ASAP though.

You can verify if your current browser will have an issue right now by clicking HERE. The link will take you to the general forum but in SSL mode.

Note that you may see a mixed content warning and see some broken avatars/sig pics. This is specific to your browser and not something I can fix for you, but in Firefox, you’ll see a broken shield/Padlock icon (depends on your version and skin). When you click on it there is a way to allow mixed content temporarily or permanently. There is also a global override that can be set in about:config if you prefer.

While I personally don’t recommend this, you can toggle the following preference to false:

security.mixed_content.block_display_content

If your version doesn’t have it listed (some don’t), right-click and choose to create a new boolean preference with name above and set it to false.

Unfortunately, for other browsers you’ll have to find the solution for yourself as I can only support the ones I have access to.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Why are we doing this? I know there is no technical reason not to, but I am curious what benefits are derived in taking this path in addition to SEO reasons.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Maxthon3 Portable opened the General section fine through the SSL link

CRAPTop is running win8 though it was built with 7
I can test Opera and an older Firefox Portable

SSL is Supposedly More secure that standard http.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Chrome did fine on W10.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

The latest stable release of chrome did fine on Windows 8.1.

As for why SSL is good, my understanding is that it encrypts packets sent between the host (website) and the client (us), making it so that anybody who tries to intercept and “sniff” them can’t get any valuable data out of them like passwords and usernames.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Dang it i was planning on using my new 68k mac to access forums, Just because really :slight_smile: now i can’t

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Worked in Opera too
and I did Not even log in before testing

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

It’s a good idea if I used my credit card on the site. Not worried that they would find my username and password for this site. I use an alias. I wasn’t born as Write and Left.

However, I think I know where this trend is coming from. Some ISPs are injecting ads into http pages. With https they can’t do this. Seems like they shouldn’t be allowed to inject their own ads into someone else’s site. I have converted my own to https just because I needed a certificate for my mail server and it was no big deal to use the same cert for my websites.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Works fine for Firefox on win 7, obviously.
Works fine on the main site, and the mobile site, on Lightning Browser on Android 6.0 on at least two phones.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

So, twice now I’ve lost the reply I had typed up, so fuck it, I’m just going to shorten it to thank you to those who have let me know which browsers are working for them. Incidentally I have received three reports via email from people without accounts regarding Android, specifically related to AOSP based ROMs. Apparently the unbranded browser included in AOSP based ROMs does throw errors on builds based on the final release of Jelly Bean and earlier.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

It works on the Extended Service Release of Firefox, but that’s not a surprise

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Dang, I actually had to look up what version the ESR is on. Yeah, the current ESR was released after they added support for SNI, which is required for the certs to verify properly. :slight_smile:

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Having no problems ~ Android 4.4.4

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Android tablet at 4.4.2 works in Google Chrome
Google Chrome works in Xubuntu Linux 16.04
Lynx works in Xubuntu Linux 16.04, so no problem for text only people. (Update those alt tags.)

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

The only worry I had was having to change bookmarks
But, I am betting that as long as the site address is the same
just the https (SSL) difference, I should be fine
Besides
IF I type an address in, I never bother typing the http(s)://.www. part anyway
At least since xp from Windows I have not had to

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

Lynx is not officially supported, and never will be, not even by the mobile site.

As for the alt tags attributes, I don’t have control over those. They’re controlled by the templates and would cause more trouble than it would solve long term.

And to save some time: Any version of Android greater than 4.4.0 running current versions of Chrome or Firefox should be fine unless the OEM of your device deliberately fucked the ROM up to break the HTTP stack.

If you’re running an older Android release that is still receiving compatible Chrome updates, you should be fine. Also if you’re running the current stable releases of Chrome, Firefox, or Firefox ESR on Windows Vista or later you’ll be fine.

Now if you’re not running Windows 10, your support will be iffy in Internet Explorer. You absolutely need to be running the latest version on Windows 7. I’m not sure if they stopped updating Vista’s version before or after the SNI related changes and I no longer have a Vista install to check it with. XP absolutely will not work with IE unless you click through the warning. IE on XP is simply incapable of handling SNI at all because it does not have the necessary TLS support.

Now regarding 10. I personally know that some of the current Insider builds have issues with Edge, but it appears to be limited to a specific version in the Fast Ring. It works fine in the current stable build and the most recent builds released to Insiders in the Slow Ring.

I’m actually working on compiling a list of officially confirmed browser/OS combos known to work and known to not work.

You won’t have to change anything. When it goes into effect there will be redirect in place. Literally any link to the http:// version will be redirected to the https:// version of the page. Then again if browsers handled permanent redirects the recommended way they would automatically ask you for permission to update the bookmark. :stuck_out_tongue:

Oh, and I love that you mentioned the www vs. no www thing. I used to have a site where those were different sites entirely to prove a point. They aren’t required to be the same site by anything other than tradition :wink:

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

I just reported that Lynx worked. The experience of using Lynx isn’t exactly the best experience for reading a webpage. I was surprised it worked with SSL. I know that no one is going to officially support it.

I just mentioned alt attributes because screen readers and other accessibility things make use of alt attributes and you need them for compliance with Section 508. It also makes it easy to see what is going on in a text only browser by describing each image.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

<sarcasm>NO REALLY? I had no idea what alt attributes are used for…</sarcasm>

And hey, guess what, not a government website so I have zero fucks to give about Section 508 compliance, and that has nothing to do with this topic anyway so the discussion ends.

EDIT: Seriously, when I said the discussion about the alt attributes ends, I meant it. Full stop. The next person who emails or PMs me about it is not going to like me, I can assure you.

Re: Forced SSL mode will be turned on June 1st, 2016 @ Midnight CDT

4 minutes past midnight, and this is now active. If you have any problems, please email me at issues@abdlstoryforum.info and I’ll work with you to get them straightened out.