Enabling SSL in IPB 3 causes Private Messaging to fail

[thenook]

I know this is probably something that is fixed in IPB 4, but we have been trying to get everything running on SSL on our board.  It is currently running 3.4.8 but is due to be upgraded to the current version of 4.x as soon as we have a backup in place.

So for now we are trying to get SSL to work fully, which it kind of does.  We setup everything in cPanel and enabled everything.  We then modified conf_global.php.  At this point the forum loads as https and all links clicked on too.  The problem comes when the private messaging system is used.  The following error comes up regardless of length of message.  If anyone has any ideas on how to fix the problem it would be appreciated.

			The following errors were found		
		You must enter a message larger than 3 characters.		
		This personal message has not been sent

[Joy Rex]

I can tell you that I am still running a 3.4.9 board with SSL, and didn't have any PM-related issues. You might try looking at the Chrome Developer Tools in the browser to see if there is some sort of error being triggered (it sounds like the javascript validation is being triggered unintentionally, or possibly an addon or setting that requires 3 characters or more in a post/PM is not compatible with SSL).

Is the site still showing secure when you go to the PM inbox? This might be happening due to mixed content (some loading over SSL, some not).

[thenook]

Its a strange problem (or set of). 

I personally tested it on Firefox/Opera and have issues with PM when running the entire board in secure mode.  A member on the board has forced logout issues if we enable SSL Logins.  But If you disable board wise SSL, but force it using HTTPS Anywhere (allow only secure connections) it works fine, apart from moaning about logins and posts being sent over an insecure connection, also even when the whole board is secured, it still moans because images arent being encrypted.  For now we've decided to run it insecure until we are upgraded to the current version.

To be fair I suspect the issues lie in DNS, whoever set it up made a complete mess of it, lots of pointless entries, its on the todo list.  Followed by a complete code audit.  But until we have a fully upgraded board I don't see any point in doing any of that.  Also the letsencrypt cert isn't ideal.

Thanks for your help anyway, it gives me something to play with.

[Aiwa]

What's wrong with LetsEncrypt? 

[WOFman]

On 11/26/2018 at 12:02 PM, Joy Rex said:

I can tell you that I am still running a 3.4.9 board with SSL, and didn't have any PM-related issues. You might try looking at the Chrome Developer Tools in the browser to see if there is some sort of error being triggered (it sounds like the javascript validation is being triggered unintentionally, or possibly an addon or setting that requires 3 characters or more in a post/PM is not compatible with SSL).

Is the site still showing secure when you go to the PM inbox? This might be happening due to mixed content (some loading over SSL, some not).

How did you change the address to https:// in 3.4.9?

[AndyF]

Unlikely but check on the default skin in 3x to see if its any better. Its just possible (but only just) a template change for a custom skin is causing this.