HTTPS? YES, PLEASE.

J and Beyond 2016

Kiril Hristov @kirilhristov

UX Tech

Business

STATE OF ENCRYPTION

online store, banks and others that

transmit sensitive data

art blog, tech site, brochure website and others that

seem harmless

LET’S FREAK OUTReason 1: Privacy

NETWORK SNIFFING

NETWORK SNIFFING

WIFI PROBLEMS• We use unsecured

networks• Passwords are

crackable

SSL• You are talking to who they

claim to be.

• No one can see the conversation.

• No one has tampered with the data.

HOW SSL WORKS

Client Server

private

public

RNc

Client hello, SSL session request, RNcRNc

RNc

RNs

Server hello, sends over SSL cert, Public Key, RNs

RNspublic

RNspublic

PMSc PMSc, encrypted with the Public KeyPMSc PMSc

MSMS

Each side calculates the MS, starts using it for secure communicationMS MS

HTTP2Reason 2: Speed

HTTP2• Need SSL to run http2

• Faster site performance (multiplexing, header compression, server push)

• Easy implementation when web host supports it

DEMO TIME

HTTP1.1 HTTP 2

bit.ly/testhttp2

IT’S GOOD FOR SEOReason 3: Rank Higher

LET’S ENCRYPTReason 4: It’s Free

• Free Security

• Easy Installation bit.ly/encrypt4free

• No Dedicated IP Required

• Trusted by all Major Browsers

• Auto Renewable

IMPLEMENTATION

1. Get a certificate

2. Configure your server bit.ly/hardwayssl

3. Configure your site (Joomla!)

4. Test the configuration ssllabs.com

GLOBAL CONFIGURATION -> SERVER -> FORCE SSL : ENTIRE SITE

MODULE MANAGER -> LOGIN FORM -> ENCRYPT LOGIN FORM:YES

TEST THE CONFIGURATION SSLLABS.COM

FIX MIXED CONTENT

bit.ly/mixedcontentcheck

QUESTIONS? YES, PLEASE.

Kiril Hristov @kirilhristov