Skip Menu |
 

This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information
The Basics
Id: 124085
Status: resolved
Priority: 0/
Queue: Perl-Dist-Strawberry

People
Owner: Nobody in particular
Requestors: michele.cicciotti [...] pynlab.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: No/broken HTTPS support for strawberryperl.com
Date: Mon, 15 Jan 2018 14:10:57 +0100
To: bug-Perl-Dist-Strawberry [...] rt.cpan.org
From: Michele Cicciotti <michele.cicciotti [...] pynlab.com>
Download (untitled) / with headers
text/plain 701b
strawberryperl.com, including (especially) the downloads, is only available over plaintext HTTP. Considering that the downloads have neither internal (Authenticode) nor external (GPG) signatures, at least the download channel should be protected against tampering. Right now, strawberryperl.com does respond to HTTPS, but it's clearly not configured, as it uses what appears to be the hosting provider's default certificate Should you add HTTPS support (which is free and easy to set up, thanks to services like Let's Encrypt <https://letsencrypt.org>), make sure to test your configuration using Qualys's SSL Server Test <https://www.ssllabs.com/ssltest/>, because it's tricky to get right


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.