https upgrade

Weaver:
Say I have a web server that supports TLS. If a user connects with http 1.x not https, then can I force them to upgrade to https or die? That is, not accepting ‘no’ for an answer, so telling them to get stuffed if they claim they just can’t speak https?

Is the same true now for older https family protocols? So could you ban SSL 3.0 or lower, or even ban anything below TLS 1.2?

Chrysalis:
Yes, you can add a redirect to https if someone accesses via http, which would of course make them fail if they either don't talk https or they reject all your ciphers.

You can also only allow specific protocols.

Some more info here.

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html

Let me know if you need it for a different webserver.

kitz:
I do what Chrys recommends. I redirect all http to https.
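
Added example, not part of the original thread and not taken from the linked tutorial: an Apache 2.4 configuration sketch of the two things discussed above, redirecting all http requests to https and refusing anything below TLS 1.2. The hostname `example.com` and the certificate paths are placeholders, and it assumes mod_ssl and mod_alias are loaded.

```apache
# Added example. example.com and the certificate paths are placeholders.

# Port 80: serve no content, only redirect every request to https.
# A client that cannot speak https gets the redirect and nothing else.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

# Port 443: only clients that can negotiate TLS 1.2 or newer complete
# the handshake.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # Weaker setting, for comparison: drops SSL 3.0 only and still
    # accepts TLS 1.0 and TLS 1.1.
    # SSLProtocol all -SSLv3

    # Stricter setting: disable everything, then enable TLS 1.2 and 1.3.
    # +TLSv1.3 needs Apache 2.4.37 or later built against OpenSSL 1.1.1
    # or later; on older builds use "-all +TLSv1.2".
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
```

After reloading, `apachectl configtest` checks the syntax, and `openssl s_client -connect example.com:443 -tls1_1` should fail the handshake if the protocol restriction is in effect.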
