Talking Drupal #161 - HTTPS

March 5, 2018

In episode #161 we talk about HTTPS!

Listen: 

00:00
 
download
Sign up for BONUS CONTENT

Watch: 

Topics: 

Upcoming Events

Patching Core

HTTPS

  • What is https and why does it exist
  • Recent histry with HTTPS
  • Securing your webste with HTTPS
  • Forcing HTTPS
  • HSTS

Modules: 

Secure Pages

HSTS

Resources: 

Nerd Summit

DrupalCon Nashville

Composer Patches

Blog - A Secure web is here to stay

Google Starts Giving A Ranking Boost to Secure HTTPS/SSL Sites

Let's Encrypt

Cert Signing Request

HSTS Preload Request Form

Comments

Warped replied on

Re: HTTPS Everywhere
Google wants HTTPS on all sites so NSA decrypting all user encrypted web traffic will be impossible or very difficult. Also that it's the standard, not the exception. If Facebook and Google can use encryption, then other sites really can't complain about the overhead. Especially on low usage websites.
To that end, we also need DNS privacy and security improved.
Wordpress sites like mysite.wordpress.com and others like it should be covered by wildcard certs for free.
While you might not give a brochure site any public data, they can be sending all kinds of personal data back from your browser that you might not want going over unencrypted traffic.
It would be nice if all devices (routers, printers, NAS) could have certificates and encryption that could be flagged if anything changes.
Encrypted web traffic does nothing if the infection is on the server or your computer.

Just a few thoughts I had while listening to your podcast.
Thanks for all the work that goes into the podcast.

Add new comment

Stay Updated

Sign up for our newsletter and receive

E-Mail Updates.

Promote Your Event

Learn about promoting your Drupal Event on Talking Drupal.

Event Promo