Hey,

I checked SSL support for all BOINC projects yesterday in the following thread:
https://boinc.berkeley.edu/dev/forum_thread.php?id=10973

The users in the thread suggested reaching out to all affected projects, so here I am!

Cosmology has no SSL/HTTPS support: https://www.ssllabs.com/ssltest/analyze.html?d=www.cosmologyathome.org

Are there any plans to implement SSL/HTTPS support?

I used letsencrypt on my own website & received an A+ rating. It was free and took an hour max to setup a valid HTTPS certificate. https://letsencrypt.org/

Thanks

Hey,

I checked SSL support for all BOINC projects yesterday in the following thread:
https://boinc.berkeley.edu/dev/forum_thread.php?id=10973

The users in the thread suggested reaching out to all affected projects, so here I am!

Cosmology has no SSL/HTTPS support: https://www.ssllabs.com/ssltest/analyze.html?d=www.cosmologyathome.org

Are there any plans to implement SSL/HTTPS support?

I used letsencrypt on my own website & received an A+ rating. It was free and took an hour max to setup a valid HTTPS certificate. https://letsencrypt.org/

Thanks

Hi, thanks, there definitely are plans in fact! Kevin and I started looking at it a while ago but haven't had time to finish up. We were planning on using letsencrypt like you mention. Probably just the website will come first, I don't fully understand yet what the effect will be of switching the scheduler URL to an https one and I want to make sure we don't break anything for anyone in the transition.

Gridcoin poll resulted in a win of yes at SSL question.
Projects not using SSL will be removed from whitelist soon.

There's an ETA for this task?

Thanks.

---

Thanks for the update. Could you point me to the Gridcoin discussion regarding this? I want to make sure I stay up to date.

Is the requirement to stay on the whitelist website SSL or scheduler SSL (or both?) Website SSL I can probably do this week. Scheduler will take more thought, but could certainly be pushed along if Gridcoin gives a hard deadline.

Thanks for the update. Could you point me to the Gridcoin discussion regarding this? I want to make sure I stay up to date.

Is the requirement to stay on the whitelist website SSL or scheduler SSL (or both?) Website SSL I can probably do this week. Scheduler will take more thought, but could certainly be pushed along if Gridcoin gives a hard deadline.

If you don't use a grc client, you can see the poll here:
http://www.gridresearchcorp.com/gridcoin/?votedetail&t=Poll_Detail&opt=2&pname=SSL_Enforcement_Poll&q=Should_SSL_encryption_be_mandatory_for_whitelisted_BOINC_projects

The discussion is here:
https://cryptocointalk.com/topic/49336-should-ssl-encryption-be-a-mandatory-project-requirement/

The poll will expire tomorrow but something weird happened (at least on my client .-) ). At this moment NO answer is winning while yesterday I had YES at first place. Maybe a refresh issue on my client (sometimes it happens).

Despite poll results, SSL is a good thing to prevent MITM.
Hope these info helps.

---

Ok, its live, let me know if you guys spot any issues https://www.cosmologyathome.org.

For now its entirely optional meaning:
* The master URL remains http
* The scheduler URL remains http
* We are not forwarding any http connections to https.

At some point all these thing will likely change, but that will take some more thought / warning as it has the potential to disrupt people's existing setup.

Thanks to Gridcoin and the couple of you in particular that have contacted me to kick me into gear for getting this set up ;)

Well it has been about 8 months have you reached any conclusions about making the Master and Schedulers HTTPS as Primary ?

And or forwarding from the HTTP address ?

Thanks
Bill

---