Author Topic: Bitsum.com goes 100% SSL  (Read 2447 times)

Offline Jeremy Collake

  • Administrator
  • Member#
  • *****
  • Posts: 5243
  • Gender: Male
  • The Lasso
    • Bitsum
Bitsum.com goes 100% SSL
« on: June 07, 2014, 02:16:22 PM »
*ALL* traffic at Bitsum.com is being migrated to SSL because we endeavor to set a good example and remain at the forefront of information security. Enjoy!


Software Engineer. Bitsum LLC.

Offline BenYeeHua

  • Member#
  • *****
  • Posts: 2243
  • Gender: Male
Re: Bitsum.com goes 100% SSL
« Reply #1 on: June 07, 2014, 05:09:56 PM »
And, you got this, HTTP/1.1 update. ;D
http://evertpot.com/http-11-updated/ (http://evertpot.com/http-11-updated/)

Offline Jeremy Collake

  • Administrator
  • Member#
  • *****
  • Posts: 5243
  • Gender: Male
  • The Lasso
    • Bitsum
Re: Bitsum.com goes 100% SSL
« Reply #2 on: June 07, 2014, 05:21:56 PM »
Interesting, though the latest HTTP protocol spec doesn't directly affect Bitsum, though of course our servers will always be running the latest version of whatever web server we are operating on (currently Apache).

Hopefully in the future all web traffic will be encrypted. It's absurd that it's not already. Trying to pick and choose which pages need encryption was always a bad idea.
Software Engineer. Bitsum LLC.

Offline Jeremy Collake

  • Administrator
  • Member#
  • *****
  • Posts: 5243
  • Gender: Male
  • The Lasso
    • Bitsum
Re: Bitsum.com goes 100% SSL
« Reply #3 on: June 07, 2014, 05:23:51 PM »
And maybe someday Amazon will follow ... considering how large a retailer they are, and how revealing your shopping habits can be, it's unbelievable they don't encrypt all traffic. I mean, they even run the largest cloud hosting service (AWS), but don't even encrypt the traffic to their retail area. They ONLY encrypt login, account settings, and purchasing pages.
Software Engineer. Bitsum LLC.

Offline BenYeeHua

  • Member#
  • *****
  • Posts: 2243
  • Gender: Male
Re: Bitsum.com goes 100% SSL
« Reply #4 on: June 08, 2014, 08:01:10 AM »
They will, if no NSA trying to make HTTP/2.0 become HTTP only.

As I know, HTTP/2.0 will force always use SSL for now, but anything can be changed, so it is better hope they will accept it.
If you want a stable version of HTTP/2.0, you can try SPDY, HTTP/2.0 is based on SPDY, so far most server(Google) don't push the data to the client, which is a useful feature to prefetch data. :)