Delivering the news over HTTPS

BigWP: Delivering the news over HTTPS

Paul Schreiber @paulschreiber

HTTP 1991–2015

HTTP

HTTPS

A Call to Action

If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on HTTPS by the end of 2015 and pledge your support with the hashtag #https2015.

—Eitan Konigsburg, Rajiv Pant and Elena Kvochko “Embracing HTTPS” November 13, 2014

setup

$ sslmate mkconfig

https://mozilla.github.io/server-side-tls/ssl-config-generator/

HSTS

HTTPS enabled

HTTPS default

HSTS

HSTS preload

content

ads

analytics

CDNs

fonts

😕

https://github.com/bramus/mixed-content-scan

<script src="//google.com/…
<script src="https://googl…

performance

2008 HTTPS is slow

2015 HTTPS is fast

Many graphics from The Noun Project. Tombstone by Jakob Wells. Money by Nick Levesque. Shield by Wayne Thayer. SEO by Azis. Gauge by Dalpat Prajapati. Scribble by Michael Chanover. Lock with keyhole by Brennan Novak. Warning by Icomatic. Error by Anas Ramadan.

problems

solved problems

No HTTPS?

ask nicely.

SoundCite

placehold.it

mixed content

$ mixed-content-scan

Content-Security-Policy: upgrade-insecure-requests

Content-Security-Policy-Report-Only: default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://myserver.com/log-tool/