Talking Drupal #161 - HTTPS

March 5, 2018

In episode #161 we talk about HTTPS!





Upcoming Events

Patching Core


  • What is https and why does it exist
  • Recent histry with HTTPS
  • Securing your webste with HTTPS
  • Forcing HTTPS
  • HSTS




Re: HTTPS Everywhere
Google wants HTTPS on all sites so NSA decrypting all user encrypted web traffic will be impossible or very difficult. Also that it's the standard, not the exception. If Facebook and Google can use encryption, then other sites really can't complain about the overhead. Especially on low usage websites.
To that end, we also need DNS privacy and security improved.
Wordpress sites like and others like it should be covered by wildcard certs for free.
While you might not give a brochure site any public data, they can be sending all kinds of personal data back from your browser that you might not want going over unencrypted traffic.
It would be nice if all devices (routers, printers, NAS) could have certificates and encryption that could be flagged if anything changes.
Encrypted web traffic does nothing if the infection is on the server or your computer.

Just a few thoughts I had while listening to your podcast.
Thanks for all the work that goes into the podcast.

Add new comment