SPDY / SSL / HTTP/2 Questions

SatGuyScott

SatGuyScott

Active member
Today I installed a Wildcard SSL Certificate on my server which is running NGINX 1.8.0. I mainly needed it for mail security. But figured what else can I do with it.

So now looking into SPDY or HTTP/2 support.

My question is if I use SPDY or HTTP/2 do I have move my website to https;//???

This is something I do not want to do, as I have so much on the site that is coming from other sites (such as ads, image attachments, etc.) and do not want my users getting a message that the page they are viewing has both secure and unsecure elements on it. But I still would like to take advantage of the speed that SPDY / HTTP/2 offers.

So can this be done?
 
Yes, you do - that's the nature of SPDY and HTTP/2. You connect via secure protocol (HTTPS). And yes, it will effect it so don't use it - because you will get content warnings if you do (that's why I took my Recumbent Bike forum back to HTTP - needed some BBcodes that pull from non-SSL sites).
 
Tracy Perry said:
Yes, you do - that's the nature of SPDY and HTTP/2. You connect via secure protocol (HTTPS). And yes, it will effect it so don't use it - because you will get content warnings if you do (that's why I took my Recumbent Bike forum back to HTTP - needed some BBcodes that pull from non-SSL sites).
Click to expand...
If you have a valid SSL cert why not at least make some parts of the site use TLS/SSL. You will be providing passwords clear text othrwise!
 
Fayettemat said:
If you have a valid SSL cert why not at least make some parts of the site use TLS/SSL. You will be providing passwords clear text othrwise!
Click to expand...
Because it really serves no purpose since I don't sell anything, the speed difference was nice, but the additional hassle is not worth in in the long run. If I was really worried about security, I'd also force 2FA on all the users.
 
Fayettemat said:
I totally disagree with this. You are sending passwords that your members are likely to be using else where in clear text..
Click to expand...
Again, as I said, it serves no useful purpose. Just because they use the same password on my site as others your assumption presumes that all other sites are SSL protected. They aren't (classic case of the BBcodes not working when under SSL as proof of that). You have to weigh the cost to benefit analysis. And for that site, it's not there.
 
Tracy Perry said:
Again, as I said, it serves no useful purpose. Just because they use the same password on my site as others your assumption presumes that all other sites are SSL protected. They aren't (classic case of the BBcodes not working when under SSL as proof of that). You have to weigh the cost to benefit analysis. And for that site, it's not there.
Click to expand...
I can understand your point, however, I think we should agree to disagree on this as we've both laid out the case and reason for both sides. If you would like to talk more about this type of thing in private I'd welcome a PM on it but don't want to derail this thread.

Back on topic though: what sites are not SSL that you are using bbcode for?
 
I've switched to Strava 100% (I used to use Runkeeper, but that really started to annoy me).
 
You must log in or register to reply here.

Similar threads

Frode789
Some questions about HTTP/1.1/SSL
Replies
2
Views
690
Frode789
Frode789
א
  • Question Question
2 questions
Replies
3
Views
772
Paul B
P
Damien Alexander
  • Question Question
XF 2.1 How to Import from IPS (2 Questions)
Replies
2
Views
654
Damien Alexander
Damien Alexander
C
  • Question Question
XF 2.0 2 Questions on CSS & Font Size
Replies
0
Views
540
Chad
C
MentaL
  • Question Question
Large Forum - VB4 to Xen 2.. Questions
Replies
18
Views
14K
RobParker
R
Back
Top Bottom