Advanced search

Message boards : Wish list : SSL/HTTPS support for cosmology@home?

Author Message
Customminer
Send message
Joined: 3 Apr 14
Posts: 1
Credit: 139,020
RAC: 0
Message 21044 - Posted: 27 Apr 2016, 21:33:47 UTC

Hey,

I checked SSL support for all BOINC projects yesterday in the following thread:
https://boinc.berkeley.edu/dev/forum_thread.php?id=10973

The users in the thread suggested reaching out to all affected projects, so here I am!

Cosmology has no SSL/HTTPS support: https://www.ssllabs.com/ssltest/analyze.html?d=www.cosmologyathome.org

Are there any plans to implement SSL/HTTPS support?

I used letsencrypt on my own website & received an A+ rating. It was free and took an hour max to setup a valid HTTPS certificate. https://letsencrypt.org/

Thanks

Profile Marius
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 29 Jun 15
Posts: 427
Credit: 4,276
RAC: 0
Message 21045 - Posted: 27 Apr 2016, 23:47:52 UTC - in response to Message 21044.

Hey,

I checked SSL support for all BOINC projects yesterday in the following thread:
https://boinc.berkeley.edu/dev/forum_thread.php?id=10973

The users in the thread suggested reaching out to all affected projects, so here I am!

Cosmology has no SSL/HTTPS support: https://www.ssllabs.com/ssltest/analyze.html?d=www.cosmologyathome.org

Are there any plans to implement SSL/HTTPS support?

I used letsencrypt on my own website & received an A+ rating. It was free and took an hour max to setup a valid HTTPS certificate. https://letsencrypt.org/

Thanks


Hi, thanks, there definitely are plans in fact! Kevin and I started looking at it a while ago but haven't had time to finish up. We were planning on using letsencrypt like you mention. Probably just the website will come first, I don't fully understand yet what the effect will be of switching the scheduler URL to an https one and I want to make sure we don't break anything for anyone in the transition.

ummon17
Avatar
Send message
Joined: 14 Aug 16
Posts: 6
Credit: 6,749,224
RAC: 0
Message 21160 - Posted: 7 Sep 2016, 7:38:14 UTC

Gridcoin poll resulted in a win of yes at SSL question.
Projects not using SSL will be removed from whitelist soon.

There's an ETA for this task?

Thanks.
____________

Profile Marius
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 29 Jun 15
Posts: 427
Credit: 4,276
RAC: 0
Message 21161 - Posted: 7 Sep 2016, 23:47:28 UTC - in response to Message 21160.

Thanks for the update. Could you point me to the Gridcoin discussion regarding this? I want to make sure I stay up to date.

Is the requirement to stay on the whitelist website SSL or scheduler SSL (or both?) Website SSL I can probably do this week. Scheduler will take more thought, but could certainly be pushed along if Gridcoin gives a hard deadline.

ummon17
Avatar
Send message
Joined: 14 Aug 16
Posts: 6
Credit: 6,749,224
RAC: 0
Message 21166 - Posted: 8 Sep 2016, 7:27:00 UTC - in response to Message 21161.

Thanks for the update. Could you point me to the Gridcoin discussion regarding this? I want to make sure I stay up to date.

Is the requirement to stay on the whitelist website SSL or scheduler SSL (or both?) Website SSL I can probably do this week. Scheduler will take more thought, but could certainly be pushed along if Gridcoin gives a hard deadline.


If you don't use a grc client, you can see the poll here:
http://www.gridresearchcorp.com/gridcoin/?votedetail&t=Poll_Detail&opt=2&pname=SSL_Enforcement_Poll&q=Should_SSL_encryption_be_mandatory_for_whitelisted_BOINC_projects

The discussion is here:
https://cryptocointalk.com/topic/49336-should-ssl-encryption-be-a-mandatory-project-requirement/

The poll will expire tomorrow but something weird happened (at least on my client .-) ). At this moment NO answer is winning while yesterday I had YES at first place. Maybe a refresh issue on my client (sometimes it happens).

Despite poll results, SSL is a good thing to prevent MITM.
Hope these info helps.
____________

Profile Marius
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 29 Jun 15
Posts: 427
Credit: 4,276
RAC: 0
Message 21179 - Posted: 22 Sep 2016, 15:27:31 UTC - in response to Message 21166.

Ok, its live, let me know if you guys spot any issues https://www.cosmologyathome.org.

For now its entirely optional meaning:
* The master URL remains http
* The scheduler URL remains http
* We are not forwarding any http connections to https.

At some point all these thing will likely change, but that will take some more thought / warning as it has the potential to disrupt people's existing setup.

Thanks to Gridcoin and the couple of you in particular that have contacted me to kick me into gear for getting this set up ;)

Profile Bill F
Send message
Joined: 21 Dec 07
Posts: 6
Credit: 161,626
RAC: 22
Message 21450 - Posted: 24 May 2017, 22:46:37 UTC

Well it has been about 8 months have you reached any conclusions about making the Master and Schedulers HTTPS as Primary ?

And or forwarding from the HTTP address ?

Thanks
Bill
____________

Message boards : Wish list : SSL/HTTPS support for cosmology@home?