Re: Virtual Hosts and SSL Puzzler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/22/2013 9:44 AM, Yehuda Katz wrote:
On Tue, Oct 22, 2013 at 9:39 AM, Dennis Putnam <dap1@xxxxxxxxxxxxx> wrote:
Thanks. That might make more sense (at least to me). After more reading,
I am not sure that I don't have SNI capable version of httpd already
installed (how do I tell?). The pages that work are very simple but the
one that doesn't is complex and has lots of graphics. If that is the
case, why are they not encrypted like everything else (assuming they are
not referenced on a different server)?

As I mentioned, if you don't have SNI, then you should see major warnings from the browser that something is wrong when you go to any site but the first one.

As far as finding the offending image: Go to the page in your browser, right click on the page and choose view source (or a similar option). Then search in the source for http://
That should let you find which images are not secure.
If the URLs are publicly accessible, post them here if you want someone to have a specific look (or email me privately if you don't want them to be public and I will try to have a look).

- Y

Ah ha! You hit it. There are references to social media on the page that use http (Facebook, LinkedIn and Twitter). Since they reference a different site will just changing it to https be sufficient or is there some other workaround? Thanks.

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux