SSL Error for https://esotericsoftware.com

JJeremy · Jun 30, 2020

Just wanted to let you know that the main website is failing SSL checks. The primary certificate is fine, but a few certs in the trust chain expired at the end of May. I believe you should be able to download a new cert bundle for free when that kind of thing happens.

You can use this to validate your SSL chain is working properly:
https://www.ssllabs.com/ssltest/analyze.html?d=esotericsoftware.com&latest

Also, you have a few ciphers/protocols enabled that are on the less secure side. Might be good to tighten up the SSL settings. Here's a handy site for generating the SSL config block for various web servers:
https://ssl-config.mozilla.org/

JJeremy · Jun 30, 2020

Nate · Jun 30, 2020

Thanks for pointing that out. We've updated the certificate chain. Cheers! :beer:

Last we checked the ciphers list was OK, seems they're expanding what is considered weak. I'm wary of making it too restrictive, so we'll leave it for now. At least they are all 128+ and are still rated green (90/100) by SSL Labs.

JJeremy · Jul 1, 2020

Now that the SSL is fixed I see you are doing something unusual: You are redirecting https -> http. Is that intentional? Most sites do the opposite these days.

Nate · Jul 1, 2020

Yeah, it's from the old days where HTTPS was avoided for speed, just used where needed. Nowadays the push is for everything to be HTTPS. We'll do that eventually, just lagging behind a bit. A number of users are inside the great firewall of China and it may be easier for them to establish non-HTTPS connections. At least, what we have isn't currently broken, so we haven't had the need to change it yet.

JJeremy · Jul 2, 2020

Ah, makes sense. Yeah, these days with http2 it's actually faster to use HTTPS most of the time