Opened 6 months ago

#7765 new defect

Change mailman to use HTTPS by default

Reported by: llogan Owned by:
Priority: normal Component: website
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Mailman web_page_url is set to HTTP, so mailing list URLs that are generated from this substitution are not using HTTPS. This can result in non-secure logins by users.

From Where can I change a list or the default URL used for the web interface?:

If you want to use Secure HTTP instead of regular HTTP you may also want to assign, again in mm_cfg.py, different values for the DEFAULT_URL_PATTERN and PUBLIC_ARCHIVE_URL MM config variables.

Depending on how you want your site to operate you may change one or other or both of these patterns to use the 'https' scheme rather than the default 'http' scheme.

Check in Defaults.py for the description and current values of the variables.

Then run mailmanctl restart (or the changes will not take hold).

The archives should then be rebuilt to regenerate the URLs to attachments. See link above. Note that this may rebuild spam messages that were manually renamed: usually to something like 229996.html.spam.

Somewhat related to #7575.

Change History (0)

Note: See TracTickets for help on using tickets.