[Mailman-Users] moderator page behind nginx with SSL

John Griessen john at cibolo.com
Tue Jun 21 12:06:59 EDT 2016

On 06/18/2016 05:39 AM, Stephen J. Turnbull wrote:
>  > The rest of mailman version 2.1.22
>  > is working fine with SSL and some rewriting by nginx and yet
>  > https://cibolo.us/mailman/admindb/open_electroporator  gives a message
>  > "will be sent over an insecure connection" when I set a button to
>  > discard and then do the submit all data button.
> Do you have a proper certificate for the host, rooted in a well-known
> service?  I suppose you do, but it's the first thing to check.

It is from letsencrypt.org

> second is whether that root service is listed in your browser's list
> of trusted roots.

It works fine for my webpages I set up such as
http://cibolo.us/mailman/listinfo/open_electroporator  that URL is rewritten and permanently directed to below:

> Third, is this actually SSL and not TLS?  SSL is in fact considered
> insecure by many experts; many libraries implementing these protocols
> now refuse to use SSL (even v3), and some issue a warning if the
> server forces it.

I suppose it is TLS.  I followed very recent guides to set it up.

Yes, as far as behind nginx it is TLS:

  # SSL Settings

         ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
         ssl_prefer_server_ciphers on;
         ssl_session_cache   shared:SSL:10m;
         ssl_session_timeout 10m;
         ssl_certificate /etc/ssl/xxxxxxxxxxxxxxxxxxx;
         ssl_certificate_key /etc/ssl/xxxxxxxxxxxxxxxxxx;
         # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
         ssl_dhparam /etc/ssl/private/dhparam2048.pem;

Only admin of pending moderation is affected.
Maybe I have an operator error -- I'll check for setting the moderator name and password -- it may be blank or
from an older version of mailman that this installation was migrated from...
fix_url has been run on the affected list.  That was after some restoring of data dirs and
there could be permissions problems...so maybe I still need to run fix_url again...

Thanks for the suggestions.
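
Added example, not part of the original message and not Mailman code: one way to check a saved copy of the admindb page for the condition behind a browser's "will be sent over an insecure connection" warning, assuming the warning comes from a form whose action resolves to an http:// URL on a page loaded over https. The host lists.example.org, the list name testlist and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionCollector(HTMLParser):
    """Collect (method, action) for every <form>, plus the first <base href>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base_href is None:
            self.base_href = a["href"]
        elif tag == "form":
            self.forms.append(((a.get("method") or "get").lower(), a.get("action") or ""))


def insecure_form_targets(page_url, html):
    """Return [(method, resolved_action)] for forms on an https page that submit over http."""
    if urlsplit(page_url).scheme != "https":
        return []  # only an https page posting to http is of interest here
    parser = FormActionCollector()
    parser.feed(html)
    # Relative actions resolve against <base href> if present, else the page URL.
    base = urljoin(page_url, parser.base_href) if parser.base_href else page_url
    findings = []
    for method, action in parser.forms:
        target = urljoin(base, action)  # an empty action resolves to the page itself
        if urlsplit(target).scheme == "http":
            findings.append((method, target))
    return findings


# Constructed sample: the first form carries an absolute http:// action.
SAMPLE_PAGE_URL = "https://lists.example.org/mailman/admindb/testlist"
SAMPLE_HTML = """<html><body>
<form method="POST" action="http://lists.example.org/mailman/admindb/testlist">
  <input type="radio" name="1" value="3"> Discard
  <input type="submit" value="Submit All Data">
</form>
<form method="post" action="/mailman/admindb/testlist"></form>
<form action="../listinfo/testlist"></form>
</body></html>"""

if __name__ == "__main__":
    for method, target in insecure_form_targets(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{method.upper()} form submits over cleartext: {target}")
```
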

