Delivering the news over HTTPS

Upload: paul-schreiber

Post on 06-Aug-2015


A Call to Action

If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015.

—Eitan Konigsburg, Rajiv Pant and Elena Kvochko “Embracing HTTPS” November 13, 2014

Paul Schreiber @paulschreiber

Mike Tigas @mtigas

quick look

HTTP

HTTPS

why?

config

“regular”

SAN

wildcard

SNI

sha1 vs sha2

Extended Validation (EV)

$ sslmate mkconfig

https://mozilla.github.io/server-side-tls/ssl-config-generator/

HTTPS enabled

HTTPS default

HSTS

HSTS preload

content


😕

comments

ads

social

analytics

CDNs

fonts

cost

performance

2008 HTTPS is slow

2015 HTTPS is fast

problems


solved problems

No HTTPS?

ask nicely.

No HTTPS?

SoundCite

placehold.it

mixed content

$ mixed-content-scan


Content-Security-Policy: upgrade-insecure-requests

Content-Security-Policy-Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://myserver.com/log-tool/


Akamai: http://hostname.com → https://a248.e.akamai.net/f/12/621/60d/hostname.com

Many graphics from The Noun Project.

Calendar by Mani Amini. Money by Nick Levesque. Shield by Wayne Thayer. SEO by Azis. Gauge by Dalpat Prajapati. Scribble by Michael Chanover. Lock with keyhole by Brennan Novak. Warning by Icomatic. Error by Anas Ramadan. Network by Stephen Boak. Server by Yazmin Alanis. Hat based on work by Blake Kimmel.