Posted by: Christer on Mon, 04 Jan 2016 15:05:21 +0100
Those of you who are using Chrome to access the site, specifically with SSL enabled (i.e. https), may have noticed that the browser shows a red cross over the padlock symbol.

This is an effect of Google being overly cautious with what's called the signature algorithm used in the security certificate that is installed on the site (specifically SHA-1).

Now, while there has been some research done in the last few years showing that computational power is getting closer to breaking SHA-1 within a reasonable time-frame, it's not currently insecure. Google has simply chosen to mark certificates with SHA-1 signatures as weak as of the start of this year. At the same time, they are themselves using SHA-1 signed certificates for their own services (and happily marking them as safe).

So, you may wonder, why not just switch to SHA-256 signed certificates?

It turns out that some configurations simply don't support it, specifically Windows XP prior to Service Pack 3. On such a system, a browser without its own SSL implementation (such as IE or Chrome) simply won't be able to access the site over https.

Should you worry about this? Not really. It's not unthinkable that a nation-state could eavesdrop on SSL traffic to and from this site if they chose to put their resources into it. Without that level of computing power, it's not realistic to think that someone could listen in on your web traffic (essentially, doing this would allow someone to take over your account).

On my end, I am going to investigate my options for reissuing the SSL certificate used on the site using SHA-256. This will theoretically break things for the few people who use XP prior to SP3 with Chrome or Internet Explorer. It would probably be a good idea for the few people who are on this setup (roughly 2.2% of people accessing FUMBBL use Windows XP) to upgrade to a later OS. If that's not possible, installing Firefox is a reasonable option which will let you continue to use SSL-secured connections, not only to this site (which arguably is less significant), but also to other sites containing actual sensitive data.

TL;DR
Chrome shows the site uses an insecure certificate. This is sort of half-true, but you don't need to worry about it. If you're on Windows XP SP2 or earlier, switch to Firefox or things will start breaking over time.