HTTPS? Yes, please

J and Beyond 2016

Kiril Hristov @kirilhristov

UX Tech

Business

STATE OF ENCRYPTION

online store, banks and others that transmit sensitive data

art blog, tech site, brochure website and others that seem harmless

LET’S FREAK OUT

Reason 1: Privacy

NETWORK SNIFFING

WIFI PROBLEMS

• We use unsecured networks

• Passwords are crackable

SSL

• You are talking to who they claim to be.

• No one can see the conversation.

• No one has tampered with the data.

HOW SSL WORKS

Client ↔ Server (the server holds the private and public keys)

1. Client hello: SSL session request, RNc (both sides now hold RNc)

2. Server hello: sends over SSL cert, Public Key, RNs (both sides now hold RNs and the public key)

3. Client sends PMSc, encrypted with the Public Key (both sides now hold PMSc)

4. Each side calculates the MS, starts using it for secure communication (both sides now hold MS)
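Step 4 of the handshake above as an added example (not part of the original slides): each side derives the same MS from RNc, RNs and the PMS without the MS ever crossing the network. It assumes RNc/RNs are the client and server random numbers, PMS/MS are the pre-master and master secrets, and that the derivation is the TLS 1.2 PRF from RFC 5246 with SHA-256; the RSA encryption of the PMS in step 3 is left out.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 expansion from RFC 5246 section 5 (assumed PRF, see lead-in)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pms: bytes, rn_c: bytes, rn_s: bytes) -> bytes:
    """MS = PRF(PMS, "master secret", RNc + RNs), 48 bytes."""
    return p_sha256(pms, b"master secret" + rn_c + rn_s, 48)


def run_handshake():
    # Step 1: client hello carries RNc (32 random bytes, sent in the clear).
    rn_c = os.urandom(32)
    # Step 2: server hello carries RNs (certificate and public key omitted here).
    rn_s = os.urandom(32)
    # Step 3: client picks the PMS: 2-byte protocol version + 46 random bytes.
    # On the wire it is encrypted with the server's public key; that RSA step
    # is omitted, so the server "receives" the same bytes directly.
    pms_client = b"\x03\x03" + os.urandom(46)
    pms_server = pms_client
    # Step 4: each side derives the MS on its own from values it already holds.
    ms_client = master_secret(pms_client, rn_c, rn_s)
    ms_server = master_secret(pms_server, rn_c, rn_s)
    # A network sniffer sees RNc and RNs but not the PMS, so a guessed PMS
    # (all zeros here, constructed for illustration) yields a different MS.
    ms_sniffer = master_secret(b"\x03\x03" + bytes(46), rn_c, rn_s)
    return ms_client, ms_server, ms_sniffer


if __name__ == "__main__":
    c, s, guess = run_handshake()
    print("client MS == server MS:", hmac.compare_digest(c, s))
    print("sniffer's guess matches:", hmac.compare_digest(c, guess))
```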

HTTP2

Reason 2: Speed

HTTP2

• Need SSL to run http2

• Faster site performance (multiplexing, header compression, server push)

• Easy implementation when web host supports it

DEMO TIME

HTTP1.1 HTTP 2

bit.ly/testhttp2

IT’S GOOD FOR SEO

Reason 3: Rank Higher

LET’S ENCRYPT

Reason 4: It’s Free

• Free Security

• Easy Installation bit.ly/encrypt4free

• No Dedicated IP Required

• Trusted by all Major Browsers

• Auto Renewable

IMPLEMENTATION

1. Get a certificate

2. Configure your server bit.ly/hardwayssl

3. Configure your site (Joomla!)

4. Test the configuration ssllabs.com

GLOBAL CONFIGURATION -> SERVER -> FORCE SSL : ENTIRE SITE

MODULE MANAGER -> LOGIN FORM -> ENCRYPT LOGIN FORM:YES

TEST THE CONFIGURATION SSLLABS.COM

FIX MIXED CONTENT

bit.ly/mixedcontentcheck

QUESTIONS? YES, PLEASE.

Kiril Hristov @kirilhristov
