Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [https]

HTTPS stands for HTTP Secure and is a combination of HTTP and SSL/TLS (Secure Sockets Layer/Transport Layer Security) and is used to provide an encrypted connection to a website.

HTTPS connections are often used for payment transactions and for sensitive transactions in corporate systems. They are increasingly being used for social networking sites like Facebook and Twitter to help prevent identity theft etc.

HTTPS on Wikipedia

2524 questions
15
votes
2 answers

How should I check if SSL session resumption is working or not?

I'm using nginx, and want to implement SSL session resumption. How should we I test if it is working? I have enabled these settings: ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;
Sabya
  • 756
  • 3
  • 9
  • 22
15
votes
1 answer

Is POST data encrypted over an SSL connection?

I've set up my web server to use SSL (I'm using WAMP for my staging scenario before I move it on up to public servers). The purpose of the site at hand has succeeded and I am able to use the site from remote computers using the HTTPS protocol. A…
Honus Wagner
  • 265
  • 1
  • 2
  • 9
14
votes
2 answers

Proxy Websockets and HTTP through the same location in Nginx

Right now there's an application that allows people to connect to a Desktop app through the web by exposing an AngularJS web server powered by Atmosphere. The Desktop app exposes the current person's IP address so anyone with the address can connect…
Jose A
  • 243
  • 1
  • 2
  • 6
14
votes
4 answers

How to redirect HTTP to HTTPS on AWS Application Load Balancer?

Our website needs HIPAA compliance so everything needs to be encrypted. I don't want client to get an error message when they put in "http://mysite.com", so I need to support both HTTP and HTTPS, and redirect HTTP to HTTPS. Am I right? I did it…
Silly Dude
  • 558
  • 3
  • 9
  • 22
14
votes
2 answers

How can I tell if my website is vulnerable to CVE-2014-3566 (POODLE)?

Google announced a vulnerability in the SSLv3 protocol that ... allows the plaintext of secure connections to be calculated by a network attacker. This vulnerability has been given the designation CVE-2014-3566 and the marketing name POODLE. If I…
Jason Owen
  • 473
  • 1
  • 3
  • 12
14
votes
5 answers

Force https entire site without redirecting http to https

There were a plenty of discussions while I was researching how to make my entire site https. The most answers were to redirect http to https (.htaccess file), which is not good, because it's not good to do the same job twice (two requests). Also,…
Marko Tamburic
  • 181
  • 1
  • 1
  • 10
14
votes
3 answers

nginx responding to unknown host names?

I have two domains that point to the same server, one we'll call home and one we'll call web. I'm running nginx on port 80 for HTTP and 443 for HTTPS. In my server definitions, I've defined two servers: server { listen 80; server_name web; …
Naftuli Kay
  • 1,708
  • 6
  • 24
  • 44
14
votes
4 answers

HTTPS not working; binding set, certificate installed

I've installed the certificate and set up the HTTPS bindings. However, when I load the site on HTTPS it does not load. I've looked at all the settings but everything seems correct. I've restarted the server numerous times. The certificate is stored…
rksprst
  • 445
  • 1
  • 6
  • 9
13
votes
3 answers

Squid HTTPS Tunnelling using CONNECT very slow

I use squid on my network to cache content. I launch chrome with a command line switch that tells it to use the proxy. For the most part this works great as squid caches a large amount of content and with a limited number of users it performs…
Eric Urban
  • 232
  • 1
  • 2
  • 8
13
votes
2 answers

Possible to close port 80 and still use port 443?

I have a web application that should only be accessible through HTTPS. Is it possible, and a wise idea to close port 80 entirely? Are there any drawbacks to closing port 80, beyond the fact browsers can't hit it in a non-encrypted way? Search…
Allyl Isocyanate
  • 299
  • 1
  • 4
  • 9
13
votes
7 answers

Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin

I have configured an AWS ELB to point to my Ubuntu Server running the Wordpress 3.2.1. Everything worked great on the server until I put it behind a load balancer. I setup the load balancer to forward port 80 to port 80 and port 443 to port 80. I…
ChickenFur
  • 479
  • 2
  • 5
  • 15
13
votes
3 answers

IIS URL Rewrite HTTP to HTTPS with Port

My website has two bindings: 1000 and 1443 (port 80/443 are in use by another website on the same IIS instance). Port 1000 is HTTP, port 1443 is HTTPS. What I want to do is redirect any incoming request using "htt p://server:1000" to…
Andy Arismendi
  • 1,188
  • 5
  • 16
  • 27
12
votes
1 answer

Does cloudflare know the decrypted content when using a https connection?

CloudFlare provides ssl support. However, if a visitor visits a website protected by CloudFlare, is CloudFlare able to know the plain data transfered during this visit? There are a few SSL options: Flexible SSL Full SSL Full SSL (strict) I know…
xuhdev
  • 890
  • 2
  • 8
  • 20
12
votes
6 answers

Why is https not working?

I am trying to redirect just the root of my site to https. Although the rewrite happens, https does not yield anything. The browser says. connecting to thinkingmonkey.me... and stagnates. Listen 80 & Listen 443 are present in the conf file. I…
ThinkingMonkey
  • 476
  • 1
  • 9
  • 18
12
votes
3 answers

Can Https work without a certificate?

Recently our infrastructure team told our development team that you do not need a certificate for https. They mentioned that the only benefit of buying a certificate was to give the consumer peace of mind that they are connecting to the correct…
Mark
  • 235
  • 1
  • 2
  • 7
1 2 3
99 100