This article explains the concept of communication protocols, defines HTTP and its security shortcomings, introduces HTTPS with its encryption mechanisms, compares their performance and cost implications, and clarifies common misconceptions, helping developers understand why HTTPS is essential for modern web applications.
This tutorial walks through creating a self‑signed CA, generating keys and CSR, signing certificates, configuring nginx.conf for SSL, using the rewrite module, setting up fastcgi with PHP‑FPM, and testing the entire HTTPS setup on a Linux server.
This guide walks you through obtaining a free SSL certificate, configuring Nginx for HTTPS, and upgrading to TLS 1.2 on a CentOS server, ensuring your WeChat mini‑program can securely communicate with the backend, including detailed command‑line steps and essential software dependencies.
After Apple’s 2017 ATS enforcement requires all iOS apps to use HTTPS, developers must obtain an SSL certificate—such as a free Let’s Encrypt or Tencent Cloud‑issued GeoTrust certificate—install it on their web server (e.g., Nginx), optionally configure CDN encryption, and verify compliance with Apple’s security checks.
This article explains the fundamentals of the HTTPS protocol, details the SSL/TLS cryptographic components and handshake process, and provides a step‑by‑step guide for generating keystores, configuring Tomcat, modifying an Android client, and troubleshooting common issues during secure communication.
This article explains Chrome's green‑yellow‑red HTTPS indicators, the pitfalls of SHA‑1 certificates, mixed‑content warnings, AES key size choices, and provides concrete Nginx configuration snippets to upgrade to SHA‑2 and modern cipher suites.
This article explains why migrating to HTTPS is critical for modern web applications, outlines the technical challenges such as compatibility, latency, and attacks, and details Baidu's practical solutions and free options for small sites to adopt full‑site HTTPS securely and efficiently.
This article explains how DNS hijacking injects unwanted ads by exploiting HTTP's lack of encryption, identity verification, and integrity checks, and demonstrates how HTTPS, with SSL/TLS encryption, certificates, and integrity validation, protects users from such attacks while also discussing performance impacts.
This guide walks you through obtaining a free Let’s Encrypt certificate, installing it on typical hosting platforms, fixing common private‑key issues, verifying the setup, and enforcing HTTPS for all requests, all in under half an hour.
This article explains the fundamentals of HTTPS by comparing web communication to passing notes in a classroom, covering symmetric and asymmetric encryption, RSA key exchange, the role of Certificate Authorities, and how these mechanisms together protect against man‑in‑the‑middle attacks.
This article details how Qzone’s front‑end and operations teams tackled the 50% slowdown after switching to HTTPS on mobile, using SPDY, TCP and SSL session reuse, domain consolidation, and TLS tuning to shave more than 1000 ms off page load times.
This article uses a playful conversation between browsers and a reporter to explain how HTTPS secures web traffic by employing RSA public‑key encryption, digital signatures, certificate authorities, and the challenges of performance and man‑in‑the‑middle attacks, ultimately showing why modern browsers adopted HTTPS by default.
This article explains how to accelerate HTTPS access, reduce computational load, and harden security by applying protocol‑level tweaks such as TCP Fast Open, HSTS, session resumption, OCSP stapling, false start, SPDY/HTTP2, as well as practical deployment strategies like full‑site HTTPS, domain planning, connection reuse, and handling common migration issues.
This article explains how to improve HTTPS performance and security by optimizing protocol features such as TCP Fast Open, HSTS, session resumption, OCSP stapling, False Start, and SPDY/HTTP2, discusses computational enhancements like ECC and OpenSSL upgrades, and provides practical deployment guidance for large‑scale web sites.
The article explains that HTTPS combines HTTP with TLS to provide encryption, authentication, and data integrity, describes TLS versions, key‑exchange algorithms such as RSA and ECDHE, and analyzes the network round‑trip and CPU overhead that HTTPS introduces, while also discussing deployment costs and optimization considerations.
This article provides a comprehensive overview of HTTPS, explaining its purpose, advantages, and drawbacks, and delves into the underlying cryptographic concepts such as symmetric and asymmetric encryption, hash algorithms, digital signatures, digital certificates, and the detailed SSL/TLS handshake process.
This guide walks through setting up a virtual machine, installing and compiling Nginx, configuring its main, event, and http blocks, creating SSL certificates, and applying URL rewrite rules to serve different pages based on the client’s browser or device.
This article explains HTTPS fundamentals, its encryption mechanisms, differences from HTTP, the roles of symmetric and asymmetric cryptography, hash functions, digital signatures, certificate issuance and validation, as well as SSL/TLS protocols, handshake steps, and session resumption techniques that secure web communications.
This guide explains how Let’s Encrypt provides free SSL certificates, outlines its key features, shows step‑by‑step installation on CentOS (including Docker usage), demonstrates domain validation, certificate issuance, renewal and revocation, and details configuration files and supported plugins.
This article translates and expands a performance study that pits HTTPS, SPDY/3.1, and HTTP/2 against each other using Firefox and HttpWatch on Google UK's homepage, revealing trade‑offs in header compression, response size, connection multiplexing, and page‑load speed.
This guide details the step‑by‑step process of generating RSA keys, enabling SFTP and SSH services, creating users, uploading a web package, loading it onto the device, and configuring HTTPS/HTTP server functions to allow web‑based management of a Huawei switch.
This article explains the fundamentals of server certificates, private keys, and certificate authorities, classifies DV/OV/EV certificates, describes how to generate and inspect them, outlines CA history and notable incidents, and discusses PKI security measures such as HPKP and Certificate Transparency.
The article examines Alibaba’s large‑scale rollout of full‑site HTTPS across its e‑commerce platforms, detailing the technical hurdles of performance, compatibility, and operational planning, and describing the architectural solutions and optimizations that enabled secure, high‑performance user experiences.
Traffic hijacking, a form of man‑in‑the‑middle attack that injects unwanted ads or modifies web content, can be mitigated by HTTPS, which uses SSL/TLS for server authentication, encryption, and integrity, and the article explains the attack methods, HTTPS fundamentals, and practical deployment steps including Alibaba Cloud support.
This article explains how HTTPS certificates are trusted, the role of Certificate Authorities, how browsers verify signatures, common pitfalls such as compromised root certificates, and practical measures like CSP and gradual rollout strategies to ensure secure web deployments across different regions and devices.
This article explains the step‑by‑step process of TLS cipher suite negotiation between browsers and servers, covering browser‑side cipher listing, server‑side configuration, the meaning of cipher names, and how the final suite is selected, with practical Wireshark and PowerShell examples.
HTTPS enhances privacy and prevents traffic hijacking but introduces additional network round‑trip times and cryptographic computation, which can increase page load latency by several RTTs and tens of milliseconds, especially on first‑time connections, affecting overall user experience.
The article explains how HTTPS works, why traditional CDN architectures based on CNAME aliases can conflict with HTTPS certificate validation, and compares two common approaches—custom certificates and shared certificates—highlighting their security implications and performance considerations for web operators.
This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.
The article explains how malicious JavaScript can turn browsers into participants of DDoS attacks through techniques like server hijacking and man‑in‑the‑middle injection, and describes how HTTPS and the emerging Subresource Integrity feature can help protect websites from such threats.
The article explains how malicious JavaScript can be used to launch DDoS attacks through image flooding, server hijacking, and man‑in‑the‑middle injection, and describes mitigation techniques such as HTTPS, Subresource Integrity, and other security measures.
This article explains the HTTPS protocol, covering its combination of HTTP and TLS, the roles of symmetric and asymmetric encryption, key exchange methods like RSA and ECDHE, certificate-based authentication, data integrity checks, and practical considerations such as performance impact and deployment costs.
This guide walks through Apache httpd setup on CentOS, covering virtual host types (IP‑based, port‑based, name‑based), detailed configuration steps, access control methods for users and IPs, and enabling HTTPS with SSL certificates, complete with practical command examples and testing procedures.
This article walks through a real‑time TLS 1.0 handshake captured with Wireshark, explaining client and server hello messages, certificate verification, RSA key exchange, pre‑master and master secret derivation, key block generation, RC4 encryption, and how the encrypted HTTP request and response are finally delivered to the application layer.
While traditional login pages that redirect to HTTPS offer limited protection, modern floating login boxes embedded in insecure HTTP pages expose users to HTTPS‑downgrade attacks, XSS hijacking, and cache‑poisoning that can harvest credentials, making full‑site HTTPS the only reliable defense.
Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.
