This clicks with me more than SICP with Scheme. Skimming through it, I like the example using a recursive summation function to approximate the integral of a cubic.
This is a disaster waiting to happen. If it spilled, it would disrupt the Suez Canal and jeopardize the livelihoods of 1.7 million people who depend on fish.
Maybe they should've considered that before they decided to depend on fish and not American businesses, thereby making themselves expendable! There really is no respect for personal responsibility in the world these days.
These are the five SSL options for a Cloudflare website [0]:
1. No SSL: User <--HTTP--> Cloudflare <--HTTP--> Origin Server
2. Flexible SSL: User <--HTTPS--> Cloudflare <--HTTP--> Origin Server
3. Full SSL: User <--HTTPS--> Cloudflare <--HTTPS--> Origin Server;
   self-signed cert ok, expired cert ok
4. Full SSL (strict): User <--HTTPS--> Cloudflare <--HTTPS--> Origin Server;
   origin server must use an SSL certificate that Cloudflare provides [1]
5. Strict (SSL-Only Origin Pull): User <--HTTPS--> Cloudflare <--HTTPS--> Origin Server; same as Full SSL (strict), but you need to pay Cloudflare more money
---
3 and above will fix this issue as they encrypt from Cloudflare to the Origin Server.
This is the traffic flow from the link:
User -> Cloudflare -> Airtel -> GitHub Pages
Where the connection with flexible SSL is Cloudflare <--HTTP--> GitHub Pages.
Upgrading to Full SSL (or higher) and using HTTPS on GitHub [2] should fix it.
---
Alternatively, deploy your static website with Cloudflare Pages [3], which has feature parity with GitHub Pages.
The flow would then be: User <--HTTPS--> Cloudflare Pages
Getting it to work the first time was a pain. Basically, you want to disable Cloudflare (just untick the box so that it goes directly to your server; you can keep using Cloudflare's DNS server), then obtain the normal way, and reactivate Cloudflare. But I would highly recommend using certbot's Cloudflare DNS plugin [1] instead so that you can (re)create the certificate w/o disabling Cloudflare.
> 5. Strict (SSL-Only Origin Pull): User <--HTTPS--> Cloudflare <--HTTPS--> Origin Server; same as Full SSL (strict), but you need to pay Cloudflare more money
The difference in this mode is that even if the client connects to Cloudflare using HTTP, Cloudflare will connect to the origin using HTTPS. In all other modes, if the client connects by HTTP, then Cloudflare will connect to origin by HTTP.
Of course, most people these days enable "HTTPS only", in which case Cloudflare will redirect HTTP clients to HTTPS and therefore not make any connection to the origin at all for HTTP clients.
Note that while option 3 will fix this particular issue (because they only seem to care about port 80), it doesn't stop them from MITMing the connection with their own self-signed cert in the future. Only options 4 and 5 ensure a fully secure SSL connection.
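An added example, not part of the thread: one way for an origin operator to spot the Flexible SSL pattern discussed above, where the visitor used HTTPS but the Cloudflare-to-origin hop arrived in plaintext. It relies on the `CF-Visitor` and `X-Forwarded-Proto` headers Cloudflare forwards; the JSON log layout, its field names and the sample lines are constructed assumptions.

```python
import json

# Constructed sample: JSON access-log lines from a hypothetical origin server.
# Field names (listen_port, x_forwarded_proto, cf_visitor) are assumptions.
SAMPLE_LOG = [
    json.dumps({"path": "/login", "listen_port": 80,
                "x_forwarded_proto": "https", "cf_visitor": '{"scheme":"https"}'}),
    json.dumps({"path": "/", "listen_port": 443,
                "x_forwarded_proto": "https", "cf_visitor": '{"scheme":"https"}'}),
    json.dumps({"path": "/old", "listen_port": 80,
                "x_forwarded_proto": "http", "cf_visitor": '{"scheme":"http"}'}),
    json.dumps({"path": "/api", "listen_port": 80,
                "x_forwarded_proto": "https", "cf_visitor": "not-json"}),
    "truncated garbage line",
]


def visitor_scheme(record):
    """Scheme the visitor used to reach the proxy, per the forwarded headers."""
    try:
        parsed = json.loads(record.get("cf_visitor") or "")
        if isinstance(parsed, dict) and parsed.get("scheme"):
            return str(parsed["scheme"]).lower()
    except (ValueError, TypeError):
        pass  # header missing or malformed: fall back to X-Forwarded-Proto
    return (record.get("x_forwarded_proto") or "").lower() or None


def find_downgraded_hops(lines, tls_ports=(443,)):
    """Return (line_number, path) for requests the visitor sent over HTTPS
    but that reached the origin on a non-TLS listener."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except ValueError:
            continue  # skip unparseable lines instead of aborting the scan
        if not isinstance(record, dict):
            continue
        if visitor_scheme(record) == "https" and record.get("listen_port") not in tls_ports:
            findings.append((number, record.get("path")))
    return findings


if __name__ == "__main__":
    for number, path in find_downgraded_hops(SAMPLE_LOG):
        print(f"line {number}: {path} was HTTPS for the visitor, plaintext to origin")
```

The forwarded headers are only meaningful when the origin accepts connections solely from the proxy, since any direct client can set them.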
I live in Humboldt County, so I got one of these notifications.
Mine arrived 5 seconds after the earthquake, and several of the people on my Discord server got it 2-5s after the earthquake. One person got it a couple seconds before.
SSL/TLS Versions 1995-present: https://en.wikipedia.org/wiki/Transport_Layer_Security#Histo...
[0]: https://datatracker.ietf.org/doc/html/rfc2246