Why does this site not have an SSL/TLS Cert for HTTPS?

[rocketcityman]

The title mostly says it. When I was registering I had to make up a new password that I wasn't concerned about being used elsewhere because all the traffic including passwords entered on this site will go over the wire in plain text as it currently is. Even if the webmaster made a self-signed cert (which you don't have to pay for) for the site that would be better than no cert at all... well, kinda/not really since it could easily be spoofed in that case... but still.

Admins?

 

[JamesD]

This is actually a very good question. Transmitting authentication credentials over plaintext http in this day and age is a bad idea for many, many reasons. Handling financial transactions without https, even through a third party like Paypal, is even more problematic.

SSL certs are cheap. I use them for my personal websites, and I have nowhere near 200k registered users.

 

[terri]

The OP's post has been reported, so the FF techs will be able to field this for him.

 

[JamesD]

Excellent. Hopefully they'll implement it. It only takes one admin's login getting sniffed to make for a bad day.

 

[ekool]

You may have noticed that as of a couple of days ago the site is now https only.

 

[dxqcanada]

Hmm, that's sneaky

It's a good thing.

 

[Cortian]

You may have noticed that as of a couple of days ago the site is now https only.

Excellent! Kudos to site Administration for making this happen.

 

[ekool]

Has anyone else felt that it made the site faster?

 

[dxqcanada]

Hmm, didn't notice any difference.

 

[Cortian]

Has anyone else felt that it made the site faster?

That's very unlikely.

 

[ekool]

Has anyone else felt that it made the site faster?

That's very unlikely.

Why is it unlikely?

 

[Cortian]

Has anyone else felt that it made the site faster?

That's very unlikely.

Why is it unlikely?

If the only change was adding SSL encryption, it not only wouldn't yield any performance increase, but could conceivably result in a performance decrease due to the encryption/decryption overhead at each end of the connection. This is particularly of interest to HTTP because web traffic consists of mostly lots and lots of little packets. Every packet incurs protocol overhead, which is exacerbated by SSL encryption.

Modern hardware and our modern network connections are fast enough that nobody would likely notice any negative impact, but there would certainly be no performance increase.

 

[ekool]

If the only change was adding SSL encryption, it not only wouldn't yield any performance increase, but could conceivably result in a performance decrease due to the encryption/decryption overhead at each end of the connection. This is particularly of interest to HTTP because web traffic consists of mostly lots and lots of little packets. Every packet incurs protocol overhead, which is exacerbated by SSL encryption.

Modern hardware and our modern network connections are fast enough that nobody would likely notice any negative impact, but there would certainly be no performance increase.

Since we upgraded to SSL we also enabled HTTP/2 and some extra image caching. The HTTP/2 protocol is much faster than HTTP 1.1 so I think it's made quite a difference.

 

[dxqcanada]

Hmmmmm.

 

[terri]

I can't say I have noticed much difference while on the laptop, but when accessing from my phone it has definitely seemed faster lately. No idea if the events are related.