Possible to configure SSL/TLS for discuss.emberjs.com?


#1

I just realized that SSL/TLS is not supported for discuss.emberjs.com. It seems even login credentials are sent in clear text over the wire (see screenshot below).

Would it be at all possible to fix this?


#2

In the meantime, you can log in with Google to get full two factor auth plus HTTPS in the login phase. Remember you can log in with any supported method that maps to the same verified email address.


#3

Yeap, I did test that.

FWIW I generally am very cautious of using Open Auth logins, IE I never use them. Some more less reputable sites that uses OAuth extract data about you (or worse) from the OAuth provider. I prefer to use 1Password and have unique passwords.

My paranoia aside, is configuring SSL/TLS for this app something that is likely to happen? Is there a blocker other than $$?


#4

There are free certificates here: https://letsencrypt.org/

Nginx snippets for SSL and redirection from plain HTTP are easily available.


#5

Discovered this today and kind of totally surprised me. Any news on this?