SSL Now Enforced Site-Wide
We are now secure! Any page requests for http://VideoSift.com will now be redirected to https://VideoSift.com.
It took a lot of effort to go through as many of our templates as I could find where http:// was hard-coded into a URL and fix those, but there may still be some outstanding. If there is any such insecure content embedded on the page, it will generate a "mixed-content" warning in your browser's console and the "Secure" padlock in your browser will look broken (or something). Also, you may be able to identify non-secure images and embeds (like videos) because they will fail to load.
Thanks!
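An added example, not part of the original post or VideoSift's code: a small Python scanner that finds the hard-coded http:// subresources the post describes. The sample template and its hostnames are constructed.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch a subresource. A plain
# <a href> is navigation, not a subresource, so it is deliberately not listed.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("video", "src"), ("audio", "src"), ("source", "src"),
    ("object", "data"), ("link", "href"),
}
# Scripts, frames, plugins and stylesheets count as "active" mixed content;
# images and media are "passive".
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attr, url, kind)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in SUBRESOURCE_ATTRS or not value:
                continue
            if value.strip().lower().startswith("http://"):
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                line = self.getpos()[0]
                self.findings.append((line, tag, name, value.strip(), kind))

def scan_template(text):
    """Return every insecure subresource reference found in one template."""
    scanner = MixedContentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed sample template; the hosts are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://static.example.com/site.css">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<a href="http://example.org/article">source</a>
<img src="http://img.example.com/thumb.jpg">
<iframe src="//player.example.com/embed/42"></iframe>
<embed src="HTTP://media.example.com/clip.swf">
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url, kind in scan_template(SAMPLE):
        print(f"line {line}: <{tag} {attr}> {url} [{kind} mixed content]")
```

The protocol-relative iframe and the https script pass, and the outbound link is ignored because following a link does not load content into the secure page.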
24 Comments
*frontpage
Printing this post atop the VideoSift homepage - frontpage requested by lucky760.
Yay!
Finally!!!!! I hope SSL doesn't suck up a lot of resources on VS!
Dag, you look so different!
Finally some changes for 2017. What's next, @lucky760 and @dag?
Well done!
Nope, none at all if I'm being honest.
...
It's incredible that it's so easy to create an SSL certificate supported in most browsers now (and for free!) - good times.
I hope SSL doesn't suck up a lot of resources on VS!
@lucky760
nicely done man.
Do I? Just getting old I guess.
Finally!!!!! I hope SSL doesn't suck up a lot of resources on VS!
Dag, you look so different!
Finally some changes for 2017. What's next, @lucky760 and @dag?
Ha, people still think I still look the same as a young teen(ager).
Do I? Just getting old I guess.
Bravo!!
This should allow the bookmarklet to start working again (assuming it's been updated to use the https submission url).
That's a GREAT point [not to mention a very good memory you have there]!
Yes, this does mean it *should* be able to work again, but of course I'll probably need to investigate and maybe tweak it to get it in proper working order. I'll do that soon.
This should allow the bookmarklet to start working again (assuming it's been updated to use the https submission url).
Nope. Still can't get it to work. I always assumed it was on my end somehow. Maybe it's not me after all. FIX YOUR BROKE ASS SHIT
...or is it really me?
That's a GREAT point [not to mention a very good memory you have there]!
Yes, this does mean it *should* be able to work again, but of course I'll probably need to investigate and maybe tweak it to get it in proper working order. I'll do that soon.
Uh-hem...
Nope. Still can't get it to work.
Get back to work, slacker bot!
Uh-hem...
My bad, it works. I just have to click the shield thingy in the address bar after I try and use it.
Uh-hem...
Excellent!
videosift.com is advertising 2600:3c00::f03c:91ff:fe70:f3af as its IPv6 address. However, that address is not listening on 443. So either don't advertise IPv6 or enable ssl on it.
Additionally, your current configuration supports SSLv3 protocol, which is old and insecure and should be disabled. And some other sub-optimal settings.
Check out https://www.ssllabs.com/ssltest/analyze.html?d=videosift.com
Consider updating your OpenSSL library and configuring nginx as shown at https://cipherli.st/
And please make sure you have some sort of automated way to renew letsencrypt cert since it's only for 3 months.
Nope, none at all if I'm being honest.
...
It's incredible that it's so easy to create an SSL certificate supported in most browsers now (and for free!) - good times.
You forgot to tap your fingers, Mr. Burn.
Excellent!
Well done!
Just a little heads up: The old channel URLs https://<channel>.videosift.com still work (and forward to https://videosift.com/<channel>), but have an invalid certificate, since VS doesn't use a wildcard certificate. Minor thing, but I thought I'll tell you.
Dropping some ECDHE into your cipher suite would be really appreciated, so that I don't have to change my security settings every time I want to pay VS a visit.
Which web browser(s) do you use for that?
Dropping some ECDHE into your cipher suite would be really appreciated, so that I don't have to change my security settings every time I want to pay VS a visit.
At that moment, Firefox 51.0. But I've had some ciphers disabled since the early days of Logjam attacks, which included all ciphers using Diffie-Hellman without elliptic curves. That's why there was no overlap between accepted ciphers on my end and ciphers supplied by VS.
Which web browser(s) do you use for that?
Ah. Late last night after 11 PM PST, VS was showing:
"Secure Connection Failed
An error occurred during a connection to videosift.com.
Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
https://s28.postimg.org/9id7f2tjx/ssl.jpg for a screen shot/capture from SM's Page Info's Security tab.
I could reproduce this error in both of my computers (64-bit W7 HPE SP1 OS & 64-bit Linux/Debian Jessie/stable)'s SeaMonkey v2.46 web browsers. Also, Firefox v51 in my Debian box. I could not reproduce it in W7's IE11 & Debian's Chrome v50 web browsers that aren't based on Mozilla's Gecko engine.
I told Dag and Lucky760 about it, and it was fixed about 1.5 hours later. Kudos to the quick fixes!
At that moment, Firefox 51.0. But I've had some ciphers disabled since the early days of Logjam attacks, which included all ciphers using Diffie-Hellman without elliptic curves. That's why there was no overlap between accepted ciphers on my end and ciphers supplied by VS.
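An added example, not from the thread or VideoSift's configuration: a Python check for three problems raised in the comments above (no TLS listener on the advertised IPv6 address, SSLv3 still enabled, no ECDHE cipher offered), run against two constructed nginx server blocks. The cipher test only recognises explicit names; aliases such as HIGH expand inside OpenSSL and are skipped.

```python
import re

ALIASES = {"HIGH", "MEDIUM", "DEFAULT", "ALL"}  # expand inside OpenSSL; not judged here

def directives(conf):
    """Yield (name, args) for each simple `name args;` directive."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_tls(conf):
    """Return findings for the TLS settings of one nginx server block."""
    listens, protocols, ciphers = [], [], None
    for name, args in directives(conf):
        if name == "listen":
            listens.append(args)
        elif name == "ssl_protocols":
            protocols = args
        elif name == "ssl_ciphers":
            ciphers = " ".join(args).strip("'\"").split(":")
    findings = []
    tls = [a for a in listens if "ssl" in a]
    if tls and not any(a[0].startswith("[") for a in tls):
        findings.append("no IPv6 listener on 443 (breaks clients if an AAAA record exists)")
    findings += [f"{p} enabled in ssl_protocols" for p in protocols if p in ("SSLv2", "SSLv3")]
    if ciphers is not None:
        enabled = {c for c in ciphers if c and c[0] not in "!-"}
        if not enabled & ALIASES and not any(
                c.startswith(("ECDHE", "EECDH", "kEECDH")) for c in enabled):
            findings.append("no ECDHE key exchange in ssl_ciphers")
    return findings

# Constructed configs, not VideoSift's real settings.
WEAK = """server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'DHE-RSA-AES128-SHA:AES128-SHA:!aNULL';
}"""
FIXED = """server {
    listen 443 ssl;
    listen [::]:443 ssl;  # serve TLS on the advertised IPv6 address too
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
}"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_tls(conf))
```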