HTTPS and You
Tim Nash
January 01, 2017
Brief Lightning talk on TLS
Transcript
HTTPS:// and you… Tim Nash [UK] https://timnash.co.uk
Tim Nash - WordPress Platform Lead & Developer Advocate at
HTTPS
HTTPS (HTTP over SSL)
SSL (Secure Sockets Layer)
It’s all a LIE!!!!!
HTTP over TLS1.2
HTTPS (HTTP (secure)Encrypted)
Browser Server Request Packet Response Packet
Browser Server Request Packet Response Packet Client ‘Hello’ Server ‘Hello’
Cryptographic information Server Certificate Client Key Exchange Sends key info signed with server's key Sends Client Certificate Client ‘finished’ Server ‘finished’
Pitfalls
Force everything…
search replace http:// https://
Better still 301 all HTTP requests as well
Mixed Content
If it loads over HTTP it needs to load over HTTPS
Third Party Scripts: Google Analytics, Forms
DEVELOPERS! Don’t hard code URLs
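A check for the mixed-content pitfall above, as an added example that is not part of the talk: it scans a page's HTML for subresources that would still be fetched over http:// when the page itself is served over HTTPS. The function and class names, the example.test URLs and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch or submit something.
# <a href> is deliberately absent: a plain link is navigation, not mixed content.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src", "audio": "src",
               "video": "src", "source": "src", "link": "href", "form": "action"}
PASSIVE = {"img", "audio", "video", "source"}  # media: "optionally blockable"


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, kind, resolved_url)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        value = attrs.get(attr)
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are checked in this example
        # Resolve like a browser: relative and //host URLs inherit the page scheme,
        # so only hard-coded http:// URLs end up insecure.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            kind = "form" if tag == "form" else "passive" if tag in PASSIVE else "active"
            self.findings.append((tag, kind, resolved))


def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, assumed to be served from https://example.test/
SAMPLE = """
<link rel="stylesheet" href="http://example.test/wp-content/themes/x/style.css">
<script src="//cdn.example.test/analytics.js"></script>
<script src="http://cdn.example.test/forms.js"></script>
<img src="/uploads/logo.png"><img src="http://example.test/uploads/old.jpg">
<a href="http://other.example.test/">plain link</a>
<form action="http://example.test/contact" method="post"></form>
"""

if __name__ == "__main__":
    for tag, kind, url in find_mixed_content("https://example.test/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```

The protocol-relative script and the root-relative image pass because they inherit the page's scheme; only the hard-coded http:// URLs are reported.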
Certificate issues aka Red Screen of death
https://www.ssllabs.com/ssltest/
HTTP/2
Browser Server Requests Packets Response Packets Client ‘Hello’ Server ‘Hello’
Client Key Exchange Client ‘finished’ Server ‘finished’
Tim Nash timnash.co.uk @tnash 34SP.com