Page Index Toggle Pages: [1] 2  Send TopicPrint
Hot Topic (More than 15 Replies) SSL Encryption (Read 8553 times)
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
SSL Encryption
Oct 28th, 2006 at 11:29pm
Print Post  
This message board now uses SSL encryption by default. What this means is that the connection between your computer and AntiPolygraph.org's server (currently located in Vancouver, British Columbia, Canada) will be encrypted using up to 256-bit AES. This enhances privacy in a number of ways:

1) If you are connecting to AntiPolygraph.org via a public WiFi connection, a packet sniffer won't be able to intercept such information as your user ID and password.

2) If you connect to this site via an anonymous proxy such as the Tor network, the operator of any potential rogue proxy server will not be able to intercept your communications.

3) Potential government monitoring of the communications of posters to this message board should be more difficult.

You may receive a warning that the certificate presented by this website "cannot be verified up to a trusted certification authority." Don't be alarmed. You should find that the certificate was issued by CA Cert Signing Authority (www.cacert.org) on 10/29/06 and expires on 04/27/07. Fingerprints for the certificate are as follows:

SHA1 Fingerprint     90:70:84:A9:18:66:E9:55:51:2A:15:E9:65:1C:BF:A0:09:7F:40:6F

MD5 Fingerprint     5A:62:F6:8A:DD:7D:90:C5:EC:F0:DE:2B:56:4E:68:3A

Note that links in many messages will take you to unencrypted pages on AntiPolygraph.org. To go to such links with SSL encryption, instead of clicking on the link, first copy and paste it into your browser's destination window, replace "http" with "https," and then hit enter.
« Last Edit: Nov 7th, 2006 at 11:02pm by Administrator »  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #1 - Nov 7th, 2006 at 11:14pm
Print Post  
On 6 August 2006, AntiPolygraph.org began using a new SSL certificate issued by Starfield Secure Certification Authority. Specifications for this certificate are as follows:

Issue Date: 06 November 2006

Expiration Date: 06 November 2007

Serial Number: 3E:CA:BF

SHA1 Fingerprint: D2:23:3A:3C:45:FA:75:56:F3:5A:0C:45:DF:7D:D2:FA:B4:0A:33:A3

MD5 Fingerprint: 4D:88:AD:95:28:02:D2:55:12:CF:6B:BC:C8:04:64:37
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #2 - Mar 8th, 2013 at 10:42am
Print Post  
On 15 December 2012, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue Date: 13 December 2012

Expiration Date: 16 December 2014

SHA1 Fingerprint: 72 51 4B 16 AB E5 5B 6D D9 CA 76 CB A0 33 93 15 E7 A0 0A CC

MD5: 69 36 0E 75 96 C5 D2 3C 08 D6 00 EE 0A 45 17 B3
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #3 - Mar 16th, 2013 at 11:03am
Print Post  
To enhance the privacy of our visitors, AntiPolygraph.org is now configured to redirect all http traffic to https. The forum has been set up for https connections for some time. But now requests for pages from other parts of the site will also be encrypted. For example, a request for:

http://antipolygraph.org

will now redirect to:

https://antipolygraph.org
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #4 - Aug 29th, 2013 at 5:55am
Print Post  
On 28 29 August 2013, AntiPolygraph.org began using a new SSL certificate issued by StartCom Ltd with the following specifications:

Issue Date: 28 August 2013

Expiration Date: 29 August 2014

SHA1 Fingerprint: 6D:03:06:8A:A8:5A:53:BE:87:5E:69:02:78:6D:DE:DD:2A:7E:26:9B

MD5 Fingerprint: 8C:D9:25:26:6D:08:10:9D:6C:3F:DF:CA:DC:CD:12:92

Update: A revocation request has been sent for this SSL certificate. Why? The secret key was generated on StartCom's server. As a security precaution, we'll be getting a new certificate with a secret key that was generated on and has never left AntiPolygraph.org's server.

There may be a period between revocation of the existing SSL certificate and issuance and installation of the new one during which your web browser will display warnings that the security of your connection to AntiPolygraph.org is not trusted.
« Last Edit: Aug 29th, 2013 at 10:19pm by Administrator »  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #5 - Aug 29th, 2013 at 10:25pm
Print Post  
Again on 29 August 2013, AntiPolygraph.org began using a new SSL certificate issued by StartCom Ltd with the following specifications:

Issue date: 28 August 2013

Expiration date: 29 August 2014

SHA1 Fingerprint: C1:85:E3:2B:C3:05:2C:01:03:25:38:9A:EB:7E:54:7C:9D:6A:62:EF

MD5 Fingerprint: EE:BC:8F:48:68:A3:B8:50:AC:91:FB:BE:EF:1A:D8:48

The 4096-bit secret key associated with this certificate was generated on and has never left AntiPolygraph.org's server.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #6 - Sep 12th, 2013 at 7:08pm
Print Post  
AntiPolygraph.org's server now supports TLS 1.2 and prefers AES 256 to secure connections. In addition, if you use Firefox (including Tor Browser), Chrome, Opera, or Safari,  ephemeral key exchange (Perfect Forward Secrecy) is supported. See Qualys SSL Labs' report for AntiPolygraph.org:

https://www.ssllabs.com/ssltest/analyze.html?d=antipolygraph.org
« Last Edit: Sep 12th, 2013 at 7:24pm by Administrator »  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #7 - Sep 19th, 2013 at 8:25am
Print Post  
The latest version of Mozilla Firefox (24) has added support for TLS 1.2, which AntiPolygraph.org's server supports. However, support for TLS 1.2 is disabled by default in Firefox.

If you use Firefox, then to enhance the security of your connection:

1) Ensure that you have the latest version of Firefox;

2) In the URL entry field, type "about:config";

3) Search for "security.tls.version.max";

4) Change the value for this field from "1" to "3".

That's it. You'll find documentation of this setting here:

http://kb.mozillazine.org/Security.tls.version.*

If you are using Google Chrome, versions 29 and above support TLS 1.2 by default.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #8 - Nov 17th, 2013 at 8:04am
Print Post  
On 17 November 2013, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 15 November 2013

Expiration date: 18 November 2014

SHA1 Fingerprint: B9 22 55 33 F0 81 2F 2F 19 55 EE EA C9 DA BC 3F DC 0F E1 34

MD5 Fingerprint: FE 8F D6 AE 8E DB 9F 6B E5 2B C0 9B 46 B1 AA 4B

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.

If you attempt to load www.antipolygraph.org instead of antipolygraph.org, you will receive a warning about a host name mismatch. It's safe to add a security exception.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #9 - Nov 22nd, 2013 at 3:07pm
Print Post  
On 22 November 2013, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 21 November 2013

Expiration date: 24 November 2014

SHA1 Fingerprint: B8 01 D4 2F 97 2E 11 1A 11 BC 45 7F 46 82 2E 13 0B 07 6F BC

MD5 Fingerprint: 89 FA C1 2D D8 45 2C B7 8E 2D 25 CE 0C 5F DA F2

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate (issued only a few days ago) has been deleted from the server.

The new certificate is valid for both www.antipolygraph.org and antipolygraph.org, so visitors should not receive warnings about the validity the certificate for either domain.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #10 - Dec 6th, 2013 at 8:55pm
Print Post  
Earlier this week, a problem arose on the server that hosts AntiPolygraph.org whereby support for Perfect Forward Secrecy was lost and many web browser would establish connections using the RC4 cipher, which is reportedly broken. As a precaution, this message board and the chat room were temporarily closed.

The problem was fixed by our web hosting company, OrangeWebsite.com by mid-week. However, it remains unclear what caused the problem.

As an additional security precaution, AntiPolygraph.org has today (6 December 2013) begun using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 5 December 2013

Expiration date: 24 November 2014

SHA-256 Fingerprint: 98 7F 0D E9 97 7F 00 FC F2 8B 96 AC BE F7 09 AF 23 D1 64 9D 3A 81 59 08 A3 68 1F 44 F0 94 42 85

SHA-1 Fingerprint: 37 87 D7 32 0B FF 38 71 2E 73 4E 16 59 1D A0 C6 CE EA 74 75

MD-5 Fingerprint: 37 87 D7 32 0B FF 38 71 2E 73 4E 16 59 1D A0 C6 CE EA 74 75 FE B0 B6 8E 37 F4 22 B5 7D 98 9F 4E 50 10 53 03

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #11 - Apr 12th, 2014 at 10:07am
Print Post  
On 12 April 2014, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 8 April 2014

Expiration date: 24 November 2014

SHA-1 Fingerprint: 91 18 18 91 3F A2 97 E1 A7 8F 11 F9 99 35 B4 40 74 0E 05 19

MD-5 Fingerprint: 23 49 D3 15 04 65 C6 90 5C 71 05 6B FB 1E EB BC

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #12 - Sep 11th, 2014 at 8:15am
Print Post  
On 11 September 2014, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 9 September 2014

Expiration date: 12 December 2016

SHA-256 Fingerprint: 82:6B:89:00:D9:0B:8A:10:1C:94:07:8B:C2:13:71:88:6A:7A:0E:13:80:E4:F9:A2:B5:25:FD

:95:88:EC:84:FD

SHA-1 Fingerprint: 9B:6F:F1:64:C3:B9:C3:CF:33:70:C0:02:0A:63:9C:8D:FC:6B:89:15

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.

This new certificate has an SHA-256 signature. In addition, AntiPolygraph.org now supports HTTP Strict Transport Security.

Calomel SSL Validation now gives AntiPolygraph.org a "100%" rating, and Qualys SSL Labs now gives AntiPolygraph.org an "A+" rating.
« Last Edit: Sep 11th, 2014 at 10:04am by Administrator »  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #13 - May 30th, 2015 at 12:33pm
Print Post  
On 30 May 2015, AntiPolygraph.org began using a new SSL certificate issued by RapidSSL CA with the following specifications:

Issue date: 29 May 2015

Expiration Date: 13 December 2016

SHA-256 Fingerprint: 1B:33:A2:03:BF:27:83:D2:25:B8:83:63:63:33:5E:97:9E:9D:BF:08:8F:41:9F:36:82:20:DF
:9B:CE:CF:E4:47

SHA-1 Fingerprint: D7:A3:14:4C:82:29:93:9D:73:A9:F4:43:72:90:62:0F:17:94:14:20

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate has been deleted from the server.

Calomel SSL Validation continues to give AntiPolygraph.org a "100%" rating, and Qualys SSL Labs again gives AntiPolygraph.org an "A+" rating. (The rating had slipped to "A" owing to an SHA1 signature associated with an intermediate certificate. The intermediate certificate now has an SHA-256 signature.)

In addition, AntiPolygraph.org is included in Chromium's HSTS Preload List. This means that web browsers which use the list, including Google Chrome, Mozilla Firefox, and Safari will always use HTTPS to connect to AntiPolygraph.org. In the future, Microsoft Internet Explorer will also support HSTS and will incorporate the Chromium preload list.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Administrator
Administrator
*****
Offline



Posts: 296
Joined: Sep 28th, 2000
Re: SSL Encryption
Reply #14 - Jul 3rd, 2016 at 2:35pm
Print Post  
On 3 July 2016, AntiPolygraph.org began using a new SSL certificate issued by Let's Encrypt with the following specifications:

Issue date: 3 July 2016

Expiration date: 1 October 2016

SHA-256 Fingerprint: 6B:9D:1F:44:9A:6A:59:D5:2D:D6:92:8B:AF:95:D3:DD:11:1C:B8:21:21:0F:20:E7:32:8C:3F
:63:DB:83:BA:15

SHA-1 Fingerprint: 3B:5B:FA:FA:0E:8F:CF:DC:05:D3:E9:A3:74:36:F1:E5:28:3E:A5:89

A new 4096-bit secret key was created for use with this certificate. It was generated on and has never left AntiPolygraph.org's server. The old 4096-bit secret key associated with our previous SSL certificate will be deleted from our old server along with all other data there.


Calomel SSL Validation continues to give AntiPolygraph.org a "100%" rating, and Qualys SSL Labs continues to give AntiPolygraph.org an "A+" rating.
  

AntiPolygraph.org Administrator
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: [1] 2 
Send TopicPrint
Bookmarks: del.icio.us Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo