HTTPS and You
Tim Nash
January 01, 2017
Brief Lightning talk on TLS
Transcript
HTTPS:// and you… Tim Nash [UK] https://timnash.co.uk
Tim Nash - WordPress Platform Lead & Developer Advocate at
HTTPS
HTTPS (HTTP over SSL)
SSL (Secure Sockets Layer)
It’s all a LIE!!!!!
HTTP over TLS 1.2
HTTPS (HTTP (secure)Encrypted)
Browser / Server: Request Packet, Response Packet
Browser / Server: Request Packet, Response Packet, Client ‘Hello’, Server ‘Hello’
Cryptographic information, Server Certificate, Client Key Exchange, sends key info signed with server’s key, sends Client Certificate, Client ‘finished’, Server ‘finished’
Pitfalls
Force everything…
Search and replace http:// with https://
Better still, 301 all HTTP requests as well
Mixed Content
If it loads over HTTP it needs to load over HTTPS
Third Party Scripts: Google Analytics, Forms
DEVELOPERS! Don’t hard code URLs
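The mixed-content pitfall above, as an added example that is not part of the talk: a Python scanner that lists every subresource or form a page still points at http://. The tag/attribute table, the sample page and the example.test hosts are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) -> how browsers class an http:// load on an https:// page.
FETCHING = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active",  # counted only for rel=stylesheet, see below
    ("img", "src"): "passive", ("video", "src"): "passive",
    ("form", "action"): "form",
}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, kind, url)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        for (t, attr), kind in FETCHING.items():
            if t != tag or attr not in attrs:
                continue
            rel = attrs.get("rel", "").lower().split()
            if tag == "link" and "stylesheet" not in rel:
                continue  # rel=canonical and similar are references, not loads
            url = attrs[attr].strip()
            if url.lower().startswith("http://"):  # "//host/x" and https:// pass
                self.findings.append((self.getpos()[0], tag, kind, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; example.test hosts are placeholders.
SAMPLE = """<html><head>
<link rel="canonical" href="http://example.test/post">
<link rel="stylesheet" href="http://example.test/wp-content/themes/t/style.css">
<script src="//cdn.example.test/lib.js"></script>
<script src="HTTP://stats.example.test/analytics.js"></script>
</head><body>
<a href="http://example.test/about">About</a>
<img src="http://example.test/wp-content/uploads/logo.png">
<img src="https://example.test/wp-content/uploads/ok.png">
<form action="http://forms.example.test/submit" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE):
        print(f"line {line}: <{tag}> {kind} -> {url}")
```

Plain links (`<a href>`) and `rel="canonical"` are skipped on purpose: they are navigation or references, not loads, so they do not trigger mixed-content blocking.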
Certificate issues aka Red Screen of death
https://www.ssllabs.com/ssltest/
HTTP/2
Browser / Server: Requests Packets, Response Packets, Client ‘Hello’, Server ‘Hello’
Client Key Exchange, Client ‘finished’, Server ‘finished’
Tim Nash timnash.co.uk @tnash 34SP.com