Why NO HTTPS on this blog?
I have always been a proponent of HTTPS everywhere, hence some friends in the industry have brought up why I have not used HTTPS yet to secure this blog.
Firstly the blog did have a secure connection when hosted on the .blogspot domain. Google offered it for free and automatically for all .blogspot hosted blogs. You just had to flick a switch in the settings!
Recently I bought this custom domain which is still hosted for free by google’s blogger service, and the situation is google does not allow an HTTPS connection setup on custom domains yet.
While I do see some tricks out there using cloudflare, I’m a little skeptical about the approach and afraid it might break something, especially with a comment like this.
Looks like an interesting experiment with Wireshark to me.
And in case you are wondering why a simple static blog with no login screen needs HTTPS like most people still think, you should give a read to Still think you don’t need HTTPS?.
He puts rest to myths of “TLS causing CPU overhead” to rest and shows you how HTTPS makes your site faster. And more over google loves HTTPS more than HTTP sites now.
So now that I am on a job hunt, I have some time to figure how to go HTTPS on this blog. Let’s get on it.