Welcome, guest! Please login or register.

    Author Topic: Mandatory HTTPS!  (Read 4955 times)

    0 Members and 1 Guest are viewing this topic.

    Offlinesini

    • Member
    • ****
    • *
    • *
    • Posts: 5,785
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #20 on: October 29, 2015, 04:42:03 AM »
    what
    does
    it
    matter
    david

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #21 on: October 29, 2015, 01:14:10 PM »

    OfflineMoparisthebest

    Re: Mandatory HTTPS!
    « Reply #22 on: October 30, 2015, 03:52:25 PM »
    As far as I can tell, there aren't any downsides, and it's a good fallback if for some reason we have a cert problem and everyone wont be able to view the site because "THIS CONNECTION IS UNTRUSTED"

    Actually new Firefox, and soon if not already Chrome and then inevitably other browsers now show a big "THIS CONNECTION IS UNTRUSTED" warning on http. :)  That was actually one of the many reasons to do this.
    forum.moparisthebest.com
    You can have my gun when you pry it from my cold, dead hands.
    Linux users, we do it in the open.

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #23 on: October 30, 2015, 05:30:26 PM »
    As far as I can tell, there aren't any downsides, and it's a good fallback if for some reason we have a cert problem and everyone wont be able to view the site because "THIS CONNECTION IS UNTRUSTED"

    Actually new Firefox, and soon if not already Chrome and then inevitably other browsers now show a big "THIS CONNECTION IS UNTRUSTED" warning on http. :)  That was actually one of the many reasons to do this.
    Do you have a source for that? I believe that is incorrect. AFAIK that warning shows when you attempt to use https and the site has an invalid cert. I use the latest firefox and never get that warning on http.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #24 on: October 30, 2015, 06:24:01 PM »
    https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
    http://www.cnet.com/news/chrome-becoming-tool-in-googles-push-for-encrypted-web/

    I've always found it a bit bizare that browsers have been letting people browse unencrypted websites with no warning for all these years, but as soon as a website that actually uses encryption presents a bad cert you get a massive fuck off warning about it.

    maybe microsoft were way ahead of their time when they had this shit in 1920 or whenever it was:

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #25 on: October 30, 2015, 07:22:20 PM »
    Ok so yeah, it's not on firefox yet.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #26 on: October 30, 2015, 08:05:57 PM »
    oh maybe we should have just waited then, fudge security anyway amirite guys

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #27 on: October 30, 2015, 11:09:35 PM »
    or maybe you should stop being a sarcastic asshole. i was just factchecking the incorrect statement

    OfflineRuneAgent

    • wololo
    • Member
    • ****
    • *
    • *
    • Posts: 7,521
    • Thanks: +0/-0
      • View Profile
      • MITB FORUMS
    Re: Mandatory HTTPS!
    « Reply #28 on: October 31, 2015, 06:10:45 AM »
    It should also be noted that google search engine algorithms rank mandatory https higher.

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #29 on: October 31, 2015, 01:20:35 PM »
    I like being able to cache my webpages. My internet is slow as it is especially in my area, having to always load the page isn't really something I'd fancy.

    Security over performance, in my case I'd prefer performance.
    What area are you in, just out of curiosity
    « Last Edit: October 31, 2015, 01:22:13 PM by Davidi2 »

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #30 on: October 31, 2015, 02:08:29 PM »
    I like being able to cache my webpages. My internet is slow as it is especially in my area, having to always load the page isn't really something I'd fancy.

    Security over performance, in my case I'd prefer performance.
    Is that because you're trying to cache with a proxy? I used to do this on my old network since it was slow as balls.

    It is definitely possible to have a proxy server cache https - I did it for a few selected domains (google, youtube, wikipedia). If you wanted to support every website you'd have to setup your own CA on the server, trust it from each machine, and have the server dynamically issue certs for each website you visit. Sounds like a pain in the ass but if you genuinely need a proxy cache that's your only option, since that's the way the internet is moving.
    « Last Edit: October 31, 2015, 02:35:30 PM by Justin Bieber »

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #31 on: November 01, 2015, 07:46:03 AM »
    I'm not using a proxy, haven't thought about it really. I wouldn't really want to use it though;.
    So your browser doesn't cache content served over https? That doesn't sound right at all.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #32 on: November 01, 2015, 10:09:34 AM »
    I'm not using a proxy, haven't thought about it really. I wouldn't really want to use it though;.
    So your browser doesn't cache content served over https? That doesn't sound right at all.
    HTTPS does not cache content at all
    HTTPS handles caching in the exact same way as HTTP. If your browser isn't caching secure pages then this is because it is *choosing* not to do so. Either change the setting, upgrade, or switch to a better browser.

    It may also be the case that certain websites (possibly this one??) are not sending the correct cache control headers over https due to misconfiguration. Again, webmasters problem that needs to be raised with them.

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #33 on: November 01, 2015, 11:26:37 AM »
    No need to apologise, if you want to use old broken tech then the onus is on you when shit goes wrong.

    Regardless, IE does cache HTTPS by default provided the server sends the correct headers. If it doesn't, then report it to mitb and I'm sure he'll fix it. If it doesn't work even with the correct headers then report it to microsoft because this is a bug. Your responsibility as an end user doesn't include having to mess around with technical config but all you're doing is old man grumbling if you don't report faults.

    Offlinejustaguy

    • Member
    • ****
    • *
    • Posts: 721
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #34 on: November 01, 2015, 11:42:29 AM »
    Your problem is that you're still using IE.
    RIP

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #35 on: November 01, 2015, 02:01:07 PM »
    Even so, the cost of using SSL is another downfall for speed. I sometimes browse the site on 3g when I'm on the go, certain places I get E or even GPRS, it's understandable for slow speed however using 3G or poor 4G it's a bit of a wait.
    I don't think you should be getting such a big performance hit on mobile. Maybe if the latency is already a few seconds then worse case add a few more for https. If what you're saying is true and not just perceived I bet there are more optimisations to be made on the server (session reuse would help a lot of its not doing it already).

    Can you run this to quantify the difference? https://www.httpvshttps.com/ Https was faster for me but I imagine it'll be different on a high latency network.

    It would also be interesting to see the results of that on your slow home connection.

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,799
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #36 on: November 01, 2015, 03:32:35 PM »
    Even so, the cost of using SSL is another downfall for speed. I sometimes browse the site on 3g when I'm on the go, certain places I get E or even GPRS, it's understandable for slow speed however using 3G or poor 4G it's a bit of a wait.
    I don't think you should be getting such a big performance hit on mobile. Maybe if the latency is already a few seconds then worse case add a few more for https. If what you're saying is true and not just perceived I bet there are more optimisations to be made on the server (session reuse would help a lot of its not doing it already).

    Can you run this to quantify the difference? https://www.httpvshttps.com/ Https was faster for me but I imagine it'll be different on a high latency network.

    It would also be interesting to see the results of that on your slow home connection.
    cool test, HTTP is 356% slower than HTTPS for me

    OfflineJustin Bieber

    • Member
    • ****
    • Posts: 2,942
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #37 on: November 01, 2015, 03:37:24 PM »
    yea I got that a couple of times too, probably caching.. it recommends running each test in a fresh session.

    Offlinet4

    • Member
    • ****
    • *
    • *
    • *
    • Posts: 6,799
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #38 on: November 01, 2015, 03:38:50 PM »
    yea I got that a couple of times too, probably caching.. it recommends running each test in a fresh session.
    but HTTPS cannot cache? :confused::confused::confused::confused::confused::confused:

    OfflineDavidi2

    • Member
    • ****
    • *
    • Posts: 23,308
    • Thanks: +0/-0
      • View Profile
    Re: Mandatory HTTPS!
    « Reply #39 on: November 01, 2015, 03:40:29 PM »
    I definitely trust the results of a website that says "https is faster" in the title before even letting you run the test. It takes me 5 seconds to load 2mb of images? I call bullshit.

    yea I got that a couple of times too, probably caching.. it recommends running each test in a fresh session.
    It says in the description that it has disabled caching completely on the webserver. (Part of why HTTPS might be faster for some people, they are giving it the best possible circumstances; though I personally suspect they have other settings too)
    « Last Edit: November 01, 2015, 04:05:50 PM by Davidi2 »

     


    Users found this pages searching for:

    Copyright © 2016/17 MoparScape. All rights reserved.