No secure connection to LHC

**iforgotmylogin** · July 3rd, 2020, 02:01 AM

Already ruled that out

**iforgotmylogin** · July 3rd, 2020, 02:04 AM

You guys really need to make the site only allow being logged in with a secure connection, instead of letting it fall back to unsecure

**EdG** · July 3rd, 2020, 02:04 AM

You need to debug more.
Ed

**iforgotmylogin** · July 3rd, 2020, 02:06 AM

No, the site needs to be administered properly

**enting** · July 3rd, 2020, 05:04 AM

It's not secure on my end either. Never has been. Despite being https.

**EdG** · July 3rd, 2020, 09:26 AM

Originally Posted by iforgotmylogin

No, the site needs to be administered properly

I think that users would complain if they could not log in without a secure connection.

Originally Posted by enting

It's not secure on my end either. Never has been. Despite being https.

You need to debug that.
Ed

**blackgothicdoll** · July 4th, 2020, 10:17 PM

Originally Posted by iforgotmylogin

Being redirected from http to https doesn't guarantee the secure connection gets established. Hence how I'm using the site unsecured

What makes you think you're using the site unsecured?

Are you using HTTP via TLS? Does a packet capture show your credentials in plain text if you run the pcap while signing on? Does the certificate not show as 'valid'?

HTTPS is a protocol, and doesn't guarantee the method, you are correct. But the site isn't unsecured, either.

There are various ways you can find this out, but the easier way for me is to press CTRL + SHIFT + I in my browser and view my dev tools. What is likely flagging in your browser is a non-secure form (where I am typing my data to post in) which we are all able to see as it is. The certificate shows as valid and trusted and the connection is using TLS 1.2, which is likely (hopefully) trusted by your browser.