Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 350213

Summary: Gerrit web ui must be served through SSL only
Product: [Technology] EGit Reporter: Gunnar Wagenknecht <gunnar>
Component: UIAssignee: Project Inbox <egit.ui-inbox>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: mn
Version: 1.0   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:
Bug Depends on:    
Bug Blocks: 283749    

Description Gunnar Wagenknecht CLA 2011-06-24 02:19:12 EDT 
Currently, Gerrit at egit.eclipse.org allows to sign-in via HTTP. This sends passwords unencrypted over the wire. 

This is especially critical because the web ui provides access to a SSH key management facility for commits.
Comment 1 Mykola Nikishov CLA 2012-02-10 14:32:56 EST 
Gerrit instance moved to http://git.eclipse.org and works as expected:

mn@think:~$ curl --head --location http://git.eclipse.org/r/
HTTP/1.0 301 Moved Permanently
Date: Fri, 10 Feb 2012 19:27:39 GMT
Server: Apache
Location: https://git.eclipse.org/r/
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.19)
Connection: keep-alive

HTTP/1.0 200 Connection established

HTTP/1.1 200 OK
Date: Fri, 10 Feb 2012 19:27:41 GMT
Expires: Tue, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Content-Type: text/html;charset=UTF-8
Content-Length: 12556
X-NodeID: dev2
Vary: Accept-Encoding
Connection: close