blogs

Security Update SSL

posted: Nov 08, 2017 by: baha

TLDR;
If you aren't familiar with TLDR; it stands for Too Long Didn't Read. It's very common in IT articles and since this is more of a technical blog post, I figured I would include it. If you've ever written technical documentation for something complex, you can probably relate.

I don't know for sure, but I'm going to say this is probably what caused the birth of TLDR;

Operations: Hey what is server xyz used for?
Engineer: Oh, did you not get a copy of the supporting documentation you requested? I can send you another copy.
Operations: Yes, but it was too long, I didn't read it.

Anyway, SSL has recently been implemented on our Site. We were already planning to do this but browser vendors and other software providers began blocking users from accessing sites which don't support SSL this year. We implemented redirects to preserve your bookmarks. Check our blog often for more site updates.

Introduction
I'm sure by now most of you have heard of SSL, or at least noticed that the url for many of the sites you visit begin with https. SSL stands for Secure Socket Layer. You might be thinking, cool story bro, why should I care? SSL is what keeps your data secure while transmitting it across the internet. Now when you connect to your favorite website, ahem StreetSource.com, there is a handshake between your device and the site. This hand shake sets up an encrypted channel and keeps your data secure during transmission!

thread post photo


Your security is important to us, so this year we've been working towards implementing SSL for the entire site, and as it turns out, it was good timing on our part! In late 2016, Google announced that it was going to begin flagging sites not using SSL in 2017.

Here is a link to the announcement:
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Besides Google, other software providers have been taking their own steps to protect their users and block their users from performing some functions on sites with out SSL. Please let us know what you've encountered and we will update this list.

Observed Actions
- Some Firefox Users were unable to login to the site without having to adjust their settings
- A Kapersky Antivirus User was unable to login to the site, without first disabling Kapersky
- Google Chrome Users were shown not secure while browsing the site

As you can imagine, receiving reports of users not being able to login has put a rush on our SSL implementation. We were also in the middle of refactoring our code for framework security updates when this news hit so yeah, we've been busy. If you notice any bugs, please let us know.

thread post photo


Redirects
We've set up site wide http to https redirects, so no need to worry about updating your book marks and other links. We are planning to keep this inplace indefinitely for the time being. Do you want to see what I mean? Test it out, go to the url http://www.streetsource.com and you will be automatically redirected to https://www.streetsource.com .

Wrapping Up
That concludes this blog post. I'm trying to get better at posting site updates. I work on the site just about every night but I don't always block off time to write these blogs. Until next time, thanks for reading!

Also, get some gear from our store! It's secure too.
https://shop.streetsource.com

thread post photo

This blog has been viewed 5914 times.

No one has commented yet, be the first to post!
Page 1 of 0