jquerysf: https:
What’s TLS, anyway?
The Last Samurai?
Talking Loud Syndrome?
Triple Laser Surgery?
Tangy Louisiana Sauce?
Do I need it if my site isn’t very important?
Prevent injected ads and unwanted content.
(And protect your monetization strategy.)
Use powerful web features safely.
(Soon, “safely” will be the only way!)
How do I get TLS?
Step 1: Get a certificate.
Starts at about $10/year: Namecheap, SSLMate.
Free certs soon from Let’s Encrypt.
>= 2048-bit RSA or ECDSA key
One certificate per hostname (or wildcard)
How do I get TLS?
Step 2: Configure your server.
Check out sslmate.com for easy command-line config.
And the Mozilla SSL Configuration Generator is another great tool.
How do I modify my app?
Update your links and content; serve everything over HTTPS.
<script src="https://foo.com/script.js"></script>
<img src="https://foo.com/img.jpg" />
Send sensitive cookies over HTTPS only.
Set-Cookie: session_id=...; Secure; HttpOnly
Tell browsers to only access your site over HTTPS.
Strict-Transport-Security: max-age=60000; includeSubDomains
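How do I check my app?
An added example, not from the original slides: a small Node.js audit that checks one response for the three app changes above (HTTPS-only subresources, Secure/HttpOnly cookies, an HSTS header). The function names and the sample response are constructed for illustration.

```javascript
// Added example: audit one HTTPS response against the three app changes above.
// All function names and the sample data are constructed for illustration.
function parseHsts(value) {
  // Returns { maxAge, includeSubDomains }, or null if the header is absent or invalid.
  if (!value) return null;
  const directives = value.split(';').map(d => d.trim().toLowerCase()).filter(Boolean);
  const maxAgeDir = directives.find(d => d.startsWith('max-age='));
  if (!maxAgeDir) return null; // max-age is the one required directive
  const raw = maxAgeDir.slice('max-age='.length).replace(/^"|"$/g, '');
  if (!/^\d+$/.test(raw)) return null;
  return { maxAge: Number(raw), includeSubDomains: directives.includes('includesubdomains') };
}

function cookieFindings(setCookieHeaders) {
  // Flags every cookie lacking Secure or HttpOnly; deciding which are sensitive is up to you.
  const findings = [];
  for (const header of setCookieHeaders) {
    const [pair, ...attrs] = header.split(';').map(p => p.trim());
    const name = pair.split('=')[0];
    const flags = attrs.map(a => a.split('=')[0].toLowerCase());
    if (!flags.includes('secure')) findings.push(`cookie ${name}: missing Secure`);
    if (!flags.includes('httponly')) findings.push(`cookie ${name}: missing HttpOnly`);
  }
  return findings;
}

function mixedContentFindings(html) {
  // Flags src= / href= on subresource tags that still point at http://
  const re = /<(script|img|link|iframe|audio|video|source)\b[^>]*?\b(?:src|href)\s*=\s*["']?(http:\/\/[^"'\s>]+)/gi;
  const findings = [];
  let m;
  while ((m = re.exec(html)) !== null) findings.push(`<${m[1].toLowerCase()}> loads ${m[2]} over HTTP`);
  return findings;
}

function auditResponse({ headers, setCookie, body }) {
  const findings = [...cookieFindings(setCookie), ...mixedContentFindings(body)];
  const hsts = parseHsts(headers['strict-transport-security']);
  if (!hsts) findings.push('missing or invalid Strict-Transport-Security');
  return { hsts, findings };
}

// Constructed sample response (not captured from a real site).
const sample = {
  headers: { 'strict-transport-security': 'max-age=60000; includeSubDomains' },
  setCookie: ['session_id=abc123; Secure; HttpOnly', 'theme=dark; Path=/'],
  body: '<script src="https://foo.com/script.js"></script><img src="http://foo.com/img.jpg" />',
};
console.log(auditResponse(sample));
```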