incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: Bad site certificate
Date Sun, 04 Nov 2012 22:00:18 GMT
On Sun, Nov 4, 2012 at 12:53 PM, Dave Fisher <> wrote:
> On Nov 1, 2012, at 5:39 PM, NoOp wrote:
>> On 11/01/2012 10:45 AM, Andrea Pescetti wrote:
>>> On 25/10/2012 NoOp wrote:
>>>> On 10/25/2012 10:50 AM, Andrea Pescetti wrote:
>>>>> The recommended way to access the OpenOffice site in HTTPS for those
>>>>> prefer it over HTTP is to use:
>>>> Like the above, the URL should be configured to automatically redirect
>>>> to when an https request is received?
>>> Apparently, this won't work since Infra says "Redirect won't work, as
>>> the SSL handshake precedes the first opportunity to send a redirect".
>> That doesn't make any sense as I've already demonstrated that the other
>> https links to those IP addresses do indeed redirect.
>>> But you are welcome to weigh in directly on
>>> :
>>> registration is open to everyone.
>> Thanks, but no thanks. I suppose I could provide a server trace &
>> wireshark session file etc., but I doubt that it will do any good to
>> attempt to change Daniel Shahaf's mind.  You, however, might ask him
>> just how the other https links work on those IP's, yet the OOo link does
>> not, and why 443 is turned on for that URL to begin with if Apache do
>> not intend to support https on that link.
> If 443 were turned off then another vhost for another project would answer the request
and there would still be a warning.
> If a * certificate were purchased it would be secondary to *
and older browsers would still have trouble. I've setup multiple certificates on httpd at
work and know this to be so. No way the ASF will put the * certificate (if
purchased) first.
> We can do a rewrite of https traffic to http but that happens after the handshake and
the security warning.
> I doubt that this razor fine point is worth the effort and the tradeoff of increased
complexity for Infrastructure.

Probably no use for SSL site wide, but we do have a small number of
pages where we would benefit, like the login/registration pages for
the domain wiki and the support forums.

> If we had a view of what browsers are used and how much is https we can measure the impact
and determine if effort here is worth it.
>>> And if in the end the most sensible solution is that we acquire a
>>> certificate for * , this is surely something the PMC and
>>> Infra can look into. But it would be good to see the discussion in the
>>> issue page converge.
> That discussion is there in the JIRA. You can see the bit above. It is an incremental
improvement effective for modern browsers.
> Regards,
> Dave
>>> Regards,
>>>   Andrea.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message