I'd really recommend you actually go through and watch the YouTube video if you're interested in this—it does a fantastic job of showing just how much harm can be done to you, those around you, and the wider internet at large, just from your site (or a random small site) not having HTTPS enabled.
My host (Dreamhost) offers the ability to set up HTTPS using Let's Encrypt with a few clicks, so I started taking advantage as soon as it was available. The only real downside is that it adds about 300ms to your page load time for negotiating a secure connection.
What's cool is HTTPS is actually faster than HTTP (at least after the initial negotiation): https://www.httpvshttps.com. With HTTP/2 and TLS 1.3 0-RTT it should be even faster in the future.
Seeing as most websites have so much scripting on them they take ~30 seconds to load nowadays, I think 300 ms is pretty forgivable ^^
Good on them for offering that, btw. Although I have heard some arguments that aren't mentioned in Troy's videos against the whole thing, namely that Let's Encrypt getting a monopoly on free/cheap encryption (even if they're "good guys") isn't really a healthy state for the internet to get into. Cloudflare adding cheap/free encryption too isn't really all that much better, seeing as they're already providing a middle layer to a larger-than-healthy portion of the internet.
True, but then you have contrarians like me who have minimal scripting and not a hell of a lot of CSS, so that 300ms shows up when you use testing sites like https://tools.pingdom.com. :)
Would it be faster if you lowered the key size?
Maybe, but reducing the key size makes the key easier to crack, and that's a bad idea. Better to compensate by optimizing your images, JS, CSS, and video assets, and implementing compression and caching.
By utilizing HTTPS, you are protecting your visitors who may be on a route where there is a man in the middle. For example, someone at a Starbucks with a hacked wifi router accesses your site using HTTP through Starbucks' router.
I was very surprised to hear that Comcast injects. I'd want to learn more about that.
The biggest not-related-to-security benefit that I get from HTTPS (plus pretty strong CSP) is that ISPs cannot inject their pesky ads on my blog.