Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

HTTPS? Yes, please.

392 views

Published on

This talk will focus on the factors that are driving HTTPS adoption across the web and why it’s a good idea to secure every project. We will go over how SSL became an SEO rank factor, how it opens doors to performance optimizations through the new HTTP/2 protocol, and how it is now much more accessible with the free SSLs provided by the Let’s Encrypt initiative.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

HTTPS? Yes, please.

  1. 1. HTTPS? YES, PLEASE. J and Beyond 2016 Kiril Hristov @kirilhristov
  2. 2. UX Tech Business
  3. 3. STATE OF ENCRYPTION online store, banks and others that transmit sensitive data art blog, tech site, brochure website and others that seem harmless
  4. 4. LET’S FREAK OUT Reason 1: Privacy
  5. 5. NETWORK SNIFFING
  6. 6. NETWORK SNIFFING
  7. 7. WIFI PROBLEMS • We use unsecured networks • Passwords are crackable
  8. 8. SSL • You are talking to who they claim to be. • No one can see the conversation. • No one has tampered with the data.
  9. 9. HOW SSL WORKS
  10. 10. Client Server private public RNc Client hello, SSL session request, RNcRNc RNc RNs Server hello, sends over SSL cert, Public Key, RNs RNs public RNs public PMSc PMSc, encrypted with the Public KeyPMSc PMSc MSMS Each side calculates the MS, starts using it for secure communication MS MS
  11. 11. HTTP2 Reason 2: Speed
  12. 12. HTTP2 • Need SSL to run http2 • Faster site performance (multiplexing, header compression, server push) • Easy implementation when web host supports it
  13. 13. DEMO TIME
  14. 14. HTTP1.1 HTTP 2 bit.ly/testhttp2
  15. 15. IT’S GOOD FOR SEO Reason 3: Rank Higher
  16. 16. LET’S ENCRYPT Reason 4: It’s Free
  17. 17. • Free Security • Easy Installation bit.ly/encrypt4free • No Dedicated IP Required • Trusted by all Major Browsers • Auto Renewable
  18. 18. IMPLEMENTATION
  19. 19. 1. Get a certificate 2. Configure your server bit.ly/hardwayssl 3. Configure your site (Joomla!) 4. Test the configuration ssllabs.com
  20. 20. GLOBAL CONFIGURATION -> SERVER -> FORCE SSL : ENTIRE SITE
  21. 21. MODULE MANAGER -> LOGIN FORM -> ENCRYPT LOGIN FORM:YES
  22. 22. TEST THE CONFIGURATION SSLLABS.COM
  23. 23. FIX MIXED CONTENT bit.ly/mixedcontentcheck
  24. 24. QUESTIONS? YES, PLEASE. Kiril Hristov @kirilhristov

×