Jump to content
IGNORED

TI Gameshelf


Vorticon

Recommended Posts

It is possible for a server to serve both a http page and a https page. This is really a best option as if someone cannot access the https for whatever reason, they can fall back to the http. It can happen several ways- someone can type https and go to the https and someone can type http and go to the http page- my preference. Some sites put in an auto-redirect from http to https, which I find less helpful as a problem with https will lock you out..

With the present gameshelf server settings I can access the http pages but I cannot access the https pages as the server settings use only ECDHE or ECDSA - and my ancient browser doesn't have those. There are other ciphers equally secure - and used by other https pages! - but they are falling out of favour.
bb

Edited by blackbox
Link to comment
Share on other sites

OK done. It was really 1 click and totally free.
Now https://tigameshelf.net shows up as secure, but http://tigameshelf.net is still insecure. I thought you could not access a secure site without https. Am I missing something?
 
Http is unsecure you can force http to https if you want or leave it available to those that wish to use it

Sent from my Pixel 6 Pro using Tapatalk

  • Thanks 1
  • Sad 1
Link to comment
Share on other sites

27 minutes ago, Vorticon said:

OK done. It was really 1 click and totally free.

Now https://tigameshelf.net shows up as secure, but http://tigameshelf.net is still insecure. I thought you could not access a secure site without https. Am I missing something?

 

 

Maybe there this is another click in the control-panel to redirect that http to https ? (So it is at my provider)

...or via the index.html file ?

 

 

 

 

  • Sad 1
Link to comment
Share on other sites

16 minutes ago, Schmitzi said:

 

Maybe there this is another click in the control-panel to redirect that http to https ? (So it is at my provider)

...or via the index.html file ?

 

 

 

 

There is and I clicked it, but it didn't seem to do anything. I guess I'll leave it to the user to select their security level. I've done all I can to save them ?

Actually Firefox does indeed redirect to https whereas Chrome does not. Interesting...

  • Like 2
  • Sad 1
Link to comment
Share on other sites

There is a setting in Firefox "enforce https". If deactivated it stays on http.

 

You may define a rewrite-rule in .htaccess in some webservers to force the redirection to https on the server-side:

RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
  • Thanks 2
  • Sad 1
Link to comment
Share on other sites

13 minutes ago, SteveB said:

There is a setting in Firefox "enforce https". If deactivated it stays on http.

 

You may define a rewrite-rule in .htaccess in some webservers to force the redirection to https on the server-side:


RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

Actually it turned out Chrome has a similar option, and when I set it now it redirects to https.

  • Sad 1
Link to comment
Share on other sites

20 minutes ago, blackbox said:

And now I can no longer access tigameshelf
So I guess your website is now extremely secure for me. I can't see it.
Thanks very much. bb

 

What browser and version do you use ?

I´ve rechecked both (http and https) and works fine (with FireFox 95.0)

 

Link to comment
Share on other sites

1 hour ago, SteveB said:

...

 

You may define a rewrite-rule in .htaccess in some webservers to force the redirection to https on the server-side:


RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

 

yeah, this (and not the index.html)  :thumbsup:

now I remember the struggle at the first time :)

 

 

 

 

Link to comment
Share on other sites

3 hours ago, Vorticon said:

OK done. It was really 1 click and totally free.

Now https://tigameshelf.net shows up as secure, but http://tigameshelf.net is still insecure. I thought you could not access a secure site without https. Am I missing something?

There may be a setting on the website to disable non-secure, redirect from non-secure, or force secure.

 

3 hours ago, Vorticon said:

Is there a .onion domain? That would be hilarious!

Only on the "dark web."  WOOooooooOOOooooOOoOO!!!!

Link to comment
Share on other sites

3 hours ago, blackbox said:

With the present gameshelf server settings I can access the http pages but I cannot access the https pages as the server settings use only ECDHE or ECDSA - and my ancient browser doesn't have those. There are other ciphers equally secure - and used by other https pages! - but they are falling out of favour.
bb

I had a similar problem with my Sendmail configurations.  By default, Sendmail does not compile with ECDHE ciphers enabled, so I was unable to communicate with any Windows 2019 servers.  Confirmed below, the site is only allowing ECDHE ciphers, which is unnecessarily strict when DHE and even some RSA ciphers are still good.  Not sure if that can be corrected, but maybe leaving the http site available just-in-case is a good option.

 

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

29 minutes ago, Vorticon said:

OK I removed the forced https option. Hopefully this will allow access to all.

 

BITD I used to have a link to the secure side of my websites, for those who wanted the extra security.  Mostly this was on my webmail pages.  Believe it or not, we had customers who could not load secure pages (mostly old Mac Netscape hold-outs... even my Amiga could load SSL pages. Sheesh.)

 

I would expect modern browsers to try a secure connection before falling back to http, but it appears they still default to non-secure.  Ah, well.  At least the option is there, now, and will be immediate available for people using SSLEverywhere or the like.

Link to comment
Share on other sites

  • 1 year later...
On 5/23/2023 at 9:53 PM, Cheung said:

Any news on when the next update to TI Game Shelf might be? I sent an email to the site admin about a month ago but didn't get a reply.

Can you resend? I don't recall receiving that email. As for the update, it depends on my free time availability but I do eventually get to it :) This is a hobby after all.

  • Like 3
  • Thanks 2
Link to comment
Share on other sites

23 hours ago, Vorticon said:

Can you resend? I don't recall receiving that email. As for the update, it depends on my free time availability but I do eventually get to it :) This is a hobby after all.

 

I dropped by to say thank you for putting Bio Meteor on your website.

When you have time, I noticed the manual is incorrect, it's the Spac Man manual

 

  • Like 2
Link to comment
Share on other sites

On 5/25/2023 at 3:12 PM, Vorticon said:

Can you resend? I don't recall receiving that email. As for the update, it depends on my free time availability but I do eventually get to it :) This is a hobby after all.

Just resent the email. Sorry for the delay, I didn't get notice of the response or updates to this thread even though I am following it.

Link to comment
Share on other sites

On 5/29/2023 at 7:02 AM, Cheung said:

Just resent the email. Sorry for the delay, I didn't get notice of the response or updates to this thread even though I am following it.

Found it in my Spam folder. I'll review the games over the next 2-3 weeks. Thanks for sharing!

  • Thanks 1
Link to comment
Share on other sites

On 5/26/2023 at 2:03 PM, Sergioz82 said:

 

I dropped by to say thank you for putting Bio Meteor on your website.

When you have time, I noticed the manual is incorrect, it's the Spac Man manual

 

Sergio, can you send me the correct manual?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...