DHTML with https

Hi there

I have a DHTML element that has worked perfectly up until now. I just changed our servers to HTTPS and now the css elements won’t resolve regardless of what url I put. Does garrysmod not support https or am I doing something wrong?


Pretty sure it does as I use my DRM system with a HTTPS server using POST and that works fine iirc

I got a whole forum running fine with HTTPS URLs, maybe the browser wont allow the CSS because its cross-references, to protect the user? Try seeing when opening the url in your browser(Like chrome) if it shows the GREEN HTTPS lock instead of something yellow or so.

We’ve got a green lock, the website in question is https://streetwarsrp.com/. We do, however, have a few minor warning saying that we have un-protected content as the GameTracker banners are http content (as their cache does not support HTTPS).

their cache supports HTTPS, i got it myself too, you gotta change the url. https://www.gametracker.com/server_info/BANNERSETTINGS aka remove the cache.

So what you’re saying is that their cache does not support HTTPS :P? We’re now querying their live site and not the cache. Not that I mind, thats what they get for not allowing HTTPS on their cache sub-domain I guess.

Yeah, but who cares these days? They get enough money with their ads so they can pay the bandwidth, if they dont want HTTPS caching :stuck_out_tongue:

So I’ve tried to make this work again, and without luck. If I load a part of my website that runs HTTPS it simply returns a blank panel whereas when I load a HTTP page it shows the actual page. Any ideas of why this is happening? The code in question is:

local Panel = vgui.Create("DPanel")
	Panel :SetSize(ScrW() - 60, ScrH() - 80)

local PanelFrame = vgui.Create( "HTML", Panel )
	PanelFrame:SetSize( ScrW() - 70, ScrH() - 180)

But as mentioned the


does indeed load as the garrysmod folder is not https.

I believe the issue could be the security settings that I have put on my website. I had disabled both TLS 1.1, TLS 1.0, SSL 3 and SSL 2, but when scanning the HTML elements SSL capabilities I discovered that it only supported SSL3 (!) and TLS 1.0. The tool I used for scanning this was the tool provided at SSL LABS

Does anyone know what browser this implementation is based on, and also why it is so outdated?

I have tried enabling TLS 1.0 now, but am still unable to access https://streetwarsrp.com. All I get is this - a blank write screen. If I attempt to visit a site such as https://eu.battle.net/login/en/ or https://www.ssllabs.com it works just fine though… Any ideas?

[editline]6th November 2016[/editline]

After a lot of fiddling around I have gotten it working by disabling some ciphers. I basically mirrored what Battle.Net uses except the 3DES ciphers.

If anyone else in the future may run into a similar problem, these are the ciphers I ended up having enabled (along with TLS 1.0, 1.1 and 1.2):

TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)

Configured with the following SSLCipherSuite (from the options-ssl-apache.conf file)


If you want the root cause of this issue to be solved, spam this post in the the thread it’s in. Just reply to it asking when it’ll happen.