Tag Archives: https

On “Secure Contexts” in Firefox, HTTPS for local development, and a potential nice gesture by Chrome

👋 This post also got published on Medium. If you like it, please give it some love a clap over there. Earlier today, in a post entitled Secure Contexts Everywhere, it was announced on the Mozilla Security Blog that Firefox … Continue reading

Original Content , , , , Leave a comment

Monitoring for the encrypted web with “Oh Dear!”

Because there’s more to HTTPs than just monitoring for certificate expiration dates. Next to SSL Certificate Expirations, Oh Dear! also scans for Mixed Content, Revoked (Intermediate) Certificates, the use of bad or insecure ciphers, etc. Knowing that this service is … Continue reading

Elsewhere , Leave a comment

Mixed Content and Responsive Images

Interesting issue Jonathan Snook ran into when switching a site over to HTTPS. Even though images from HTTP resources should still get loaded by the browser (as they are Passive Mixed Content, and thus tolerated), they weren’t: After some digging, … Continue reading

Elsewhere , , , Leave a comment

API

(Source: xkcd #1481)

Elsewhere , , , , Leave a comment

Marking HTTP As Non-Secure

My name is Bramus and I approve this message: We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan … Continue reading

Elsewhere , , , Leave a comment

Mixed Content Scan: Scan your HTTPS-enabled website for Mixed Content

With my recent move to HTTPS I wasn’t sure if there were any pages left on my site that had Mixed Content or not. If an HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only … Continue reading

Elsewhere , , , , 2 Comments

Yik Yak Messaging App Vulnerability

Yik Yak’s HTTPS communication for iOS is actually fine […] so what’s the problem? […] The vulnerability begins in the fact that Yik Yak’s sole means of user identification is one string; the userID. There are no passwords. […] Yik … Continue reading

Elsewhere , , Leave a comment

Migrating your WordPress website from HTTP to HTTPS

In light of #https2015 I flipped the switch on bram.us earlier today: from today forth bram.us is only accessible over HTTPS. If you run a news site, or any site at all, we’d like to issue a friendly challenge to … Continue reading

Elsewhere , , , , 22 Comments

HTTPS Everywhere

(That’s a presentation embedded above. Video also available)

Elsewhere , , , , Leave a comment

SSL Config Generator

Just choose the web server / web front you’re using (Apache, Nginx, HAProxy) + whether you want to support only modern, intermediate, or old versions of browsers and a proper configuration will be generated. <VirtualHost *:443> … SSLEngine on SSLCertificateFile … Continue reading

Elsewhere , , , , 1 Comment