Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersLet's Encrypt - free https certificates - Mozilla deprecating http
timmmay

20423 posts

Uber Geek

Trusted
Lifetime subscriber

#171919 5-May-2015 14:09
Send private message

Mozilla is planning on restricting the functionality of unencrypted http sites (more here direct from Mozilla), only giving full functionality to https sites. This will be another nail in the coffin of Firefox IMHO, all it means is even the less trustworthy websites will have https in future. It really adds very little to security that your link is encrypted, given the low chance of interception, though perhaps the browsers apply more stringent security policy to https sites.

That led me to the website Lets Encrypt. Later 2015 this site will provide free certificates to enable https on websites. It's supported by Mozilla, Akamai, Cisco, The EFF, so should be successful. You can get certificates for $10 or less already, and may be able to get free certificates (though they didn't work for me), but this will increase adoption. One key factor is shared hosting, who may charge a fee for each website hosted, or make it difficult / impossible to install the certificates. All in all though Lets Encrypt seems like a positive move.

Create new topic
roobarb
650 posts

Ultimate Geek

Trusted

  #1298418 5-May-2015 14:14
Send private message

StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

 
 
 
 

Shop now on AliExpress (affiliate link).
mattwnz
20035 posts

Uber Geek


  #1298420 5-May-2015 14:16
Send private message

Many shared hosts at the bottom end of the market don't let you install a SSL unless you move to a larger plan. Most will also charge for a dedicated IP, and they can cost an extra $10 per month per site. Basic brochure websites shouldn't need https. Even many shopping cart websites are just http, and this includes at least one of the major SAAS shoping cart providers. Google do apparently rank https websites higher than http ones already, so that should be enough.

wasabi2k
2094 posts

Uber Geek


  #1298421 5-May-2015 14:17
Send private message

roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.



mattwnz
20035 posts

Uber Geek


  #1298422 5-May-2015 14:18
Send private message

I though cloudflare also offered free SSLs.

timmmay

20423 posts

Uber Geek

Trusted
Lifetime subscriber

  #1298423 5-May-2015 14:22
Send private message

HTTPS has two advantages, authentication that you're sending information who you think you are, and encryption of that information. Free and low cost certificates only do the latter.

CloudFlare does do free SSL/HTTPS, using what's effectively a massive wildcard certificate, and it relies on modern browsers to support the way it works (Server Name Indication). I have one custom written website that uses it that it works automatically on, but I found it quite problematic to get working with Wordpress, and in the end gave up.

roobarb
650 posts

Ultimate Geek

Trusted

  #1298424 5-May-2015 14:27
Send private message

wasabi2k:
roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.


Perhaps, I should have qualified that, the root CA is not on older operating systems, I often do testing with older machines. Modern ones including mobiles seem to recognized StartCom CA. Not all mobile browsers let you easily see the certificate.

jnimmo
1096 posts

Uber Geek


  #1298463 5-May-2015 15:30
Send private message

The key advantage of Lets Encrypt is that certs will automatically renew, so it is truly set and forget if all implemented well.
Really should be almost as easy as flipping a config switch. Looking forward to it!



richms
27963 posts

Uber Geek

Trusted
Lifetime subscriber

  #1298466 5-May-2015 15:33
Send private message

The problem with SSL on mobiles is the crap user experiance that you get on cert failures. I can only see this making it worse with people just pressing "continue" on warnings about secure connections not being established when these dodgey certs pop a warning up.




Richard rich.ms

mattwnz
20035 posts

Uber Geek


  #1298474 5-May-2015 15:40
Send private message

Unless Apple do this first, I can't see Mozilla doing it. If they do, people will just switch to other browsers. I would say many websites on the net are published and are then never touched, so you do have a lot of very old websites on the net. Many are just static so pose no security issue. Even if websites do have encypted form, many are sent unsecurely via email. I think a bigger risk is hacked CMS's and malware that gets injected into those site. I often see old wordpress website still running wordpress 3.1 and some even older, which are not secure.

Create new topic





News and reviews »

New Suunto Run Available in Australia and New Zealand
Posted 13-May-2025 21:00

Cricut Maker 4 Review
Posted 12-May-2025 15:18

Dynabook Launches Ultra-Light Portégé Z40L-N Copilot+PC with Self-Replaceable Battery
Posted 8-May-2025 14:08

Shopify Sidekick Gets a Major Reasoning Upgrade, Plus Free Image Generation
Posted 8-May-2025 14:03

Microsoft Introduces New Surface Copilot+ PCs
Posted 8-May-2025 13:56

D-Link A/NZ launches DWR-933M 4G+ LTE Cat6 Wi-Fi 6 Mobile Hotspot
Posted 8-May-2025 13:49

Synology Expands DiskStation Lineup with DS1825+ and DS1525+
Posted 8-May-2025 13:44

JBL Releases Next Generation Flip 7 and Charge 6
Posted 8-May-2025 13:41

Arlo Unveils All-New PoE Adapter With Enhanced Connectivity
Posted 8-May-2025 13:36

Fujifilm Instax Mini 41 Review
Posted 2-May-2025 10:12

Synology DS925+ Review
Posted 23-Apr-2025 15:00

Synology Announces DiskStation DS925+ and DX525 Expansion Unit
Posted 23-Apr-2025 10:34

JBL Tour Pro 3 Review
Posted 22-Apr-2025 16:56

Samsung 9100 Pro NVMe SSD Review
Posted 11-Apr-2025 13:11

Motorola Announces New Mid-tier Phones moto g05 and g15
Posted 4-Apr-2025 00:00








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac



RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright