log in problem

• by x303

  When a browser has ssl3 disabled (for example on firefox set ssl-version-control.current.security.tls.version.min to 1), it's impossible to log in with the new login windows, the old one still works. Because of the poodle attack (no joke), more and more browsers are switching off ssl3 by default. See also https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
  Which basically means you have to make all galaxyzoo sites use TLS only.

  Posted October 31, 2014 12:31 PM

• by bumishness Zooniverse Team

  While I am by no means an expert in this area, the zooniverse.org secure cert uses TLS 1.0 and shouldn't have an issue when this transition occurs.

  Posted October 31, 2014 7:12 PM

• by x303

  Well, if you set ssl-version-control.current.security.tls.version.min to 1 in the latest version of firefox (windows & linux), which forces to use TLS, i cant log in. Site then says: "Login is currently unavailable".
  If you set it to 0, i can log in again. Better try it out yourself and see what happens.
  Because of this, also cant log in with opera dev, coz they turned ssl3 off by default.

  Posted November 1, 2014 11:20 AM

• by bumishness Zooniverse Team

  I'll bring it up with those more knowledgeable in this area than I. Thanks for the report.

  Posted November 3, 2014 3:03 PM