Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Perl-Dist-Strawberry CPAN distribution.

Report information
The Basics
Id:
124085
Status:
resolved
Priority:
Low/Low

People
Owner:
Nobody in particular
Requestors:
michele.cicciotti [...] pynlab.com
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
(no value)
Fixed in:
(no value)



Subject: No/broken HTTPS support for strawberryperl.com
Date: Mon, 15 Jan 2018 14:10:57 +0100
To: bug-Perl-Dist-Strawberry@rt.cpan.org
From: Michele Cicciotti <michele.cicciotti@pynlab.com>
strawberryperl.com, including (especially) the downloads, is only available over plaintext HTTP. Considering that the downloads have neither internal (Authenticode) nor external (GPG) signatures, at least the download channel should be protected against tampering. Right now, strawberryperl.com does respond to HTTPS, but it's clearly not configured, as it uses what appears to be the hosting provider's default certificate Should you add HTTPS support (which is free and easy to set up, thanks to services like Let's Encrypt <https://letsencrypt.org>), make sure to test your configuration using Qualys's SSL Server Test <https://www.ssllabs.com/ssltest/>, because it's tricky to get right


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.