Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersLet's Encrypt - free https certificates - Mozilla deprecating http
timmmay

20857 posts

Uber Geek
+1 received by user: 5349

Trusted
Lifetime subscriber

#171919 5-May-2015 14:09
Send private message

Mozilla is planning on restricting the functionality of unencrypted http sites (more here direct from Mozilla), only giving full functionality to https sites. This will be another nail in the coffin of Firefox IMHO, all it means is even the less trustworthy websites will have https in future. It really adds very little to security that your link is encrypted, given the low chance of interception, though perhaps the browsers apply more stringent security policy to https sites.

That led me to the website Lets Encrypt. Later 2015 this site will provide free certificates to enable https on websites. It's supported by Mozilla, Akamai, Cisco, The EFF, so should be successful. You can get certificates for $10 or less already, and may be able to get free certificates (though they didn't work for me), but this will increase adoption. One key factor is shared hosting, who may charge a fee for each website hosted, or make it difficult / impossible to install the certificates. All in all though Lets Encrypt seems like a positive move.

Create new topic
roobarb
701 posts

Ultimate Geek
+1 received by user: 643

Trusted

  #1298418 5-May-2015 14:14
Send private message

StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.



mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #1298420 5-May-2015 14:16
Send private message

Many shared hosts at the bottom end of the market don't let you install a SSL unless you move to a larger plan. Most will also charge for a dedicated IP, and they can cost an extra $10 per month per site. Basic brochure websites shouldn't need https. Even many shopping cart websites are just http, and this includes at least one of the major SAAS shoping cart providers. Google do apparently rank https websites higher than http ones already, so that should be enough.

wasabi2k
2102 posts

Uber Geek
+1 received by user: 860


  #1298421 5-May-2015 14:17
Send private message

roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.



mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #1298422 5-May-2015 14:18
Send private message

I though cloudflare also offered free SSLs.

timmmay

20857 posts

Uber Geek
+1 received by user: 5349

Trusted
Lifetime subscriber

  #1298423 5-May-2015 14:22
Send private message

HTTPS has two advantages, authentication that you're sending information who you think you are, and encryption of that information. Free and low cost certificates only do the latter.

CloudFlare does do free SSL/HTTPS, using what's effectively a massive wildcard certificate, and it relies on modern browsers to support the way it works (Server Name Indication). I have one custom written website that uses it that it works automatically on, but I found it quite problematic to get working with Wordpress, and in the end gave up.

roobarb
701 posts

Ultimate Geek
+1 received by user: 643

Trusted

  #1298424 5-May-2015 14:27
Send private message

wasabi2k:
roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.


Perhaps, I should have qualified that, the root CA is not on older operating systems, I often do testing with older machines. Modern ones including mobiles seem to recognized StartCom CA. Not all mobile browsers let you easily see the certificate.

 
 
 
 

Shop now for Lenovo laptops and other devices (affiliate link).
jnimmo
1098 posts

Uber Geek
+1 received by user: 255


  #1298463 5-May-2015 15:30
Send private message

The key advantage of Lets Encrypt is that certs will automatically renew, so it is truly set and forget if all implemented well.
Really should be almost as easy as flipping a config switch. Looking forward to it!

richms
29097 posts

Uber Geek
+1 received by user: 10206

Trusted
Lifetime subscriber

  #1298466 5-May-2015 15:33
Send private message

The problem with SSL on mobiles is the crap user experiance that you get on cert failures. I can only see this making it worse with people just pressing "continue" on warnings about secure connections not being established when these dodgey certs pop a warning up.




Richard rich.ms

mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #1298474 5-May-2015 15:40
Send private message

Unless Apple do this first, I can't see Mozilla doing it. If they do, people will just switch to other browsers. I would say many websites on the net are published and are then never touched, so you do have a lot of very old websites on the net. Many are just static so pose no security issue. Even if websites do have encypted form, many are sent unsecurely via email. I think a bigger risk is hacked CMS's and malware that gets injected into those site. I often see old wordpress website still running wordpress 3.1 and some even older, which are not secure.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright