There is an interesting piece of news today: Firefox 83 introduces HTTPS-Only Mode.
What does that mean for us, and is it a good change? What does it mean for HSTS and other technologies, and is this development a permanent change for the future of all browsers? How about we jump into a discussion.
So guys, what does HTTPS-only mean? In summary: from now on in Firefox 83, if you enable this mode, then for any website you visit Firefox will always attempt to connect to port 443 and establish TLS with the target server, which in turn forces a secure connection.
So you might say, why doesn’t everybody just do that? Well, the web has been there for a very, very long time, guys, and for the longest time port 80 and insecure communication were the default. A lot of websites are still like this, even though that is changing. So look at the behavior of browsers today. Let’s take an example: I type example.com and I don’t specify the protocol, that is `http://` or `https://`, so the browser has to make a guess after doing the DNS lookup.
So the first thing it does is the DNS lookup to get the IP address, and now it has to establish a TCP connection to a port. But how does it know which one? If the port is not specified, it could mean two things: either the HTTP protocol, which is port 80 by default, or the HTTPS protocol, which is 443, after which we need to do a TLS handshake to secure the session. For the longest time, this guess has by default favored port 80.
So then you get “Not Secure”. That means you used port 80, which means you went through the insecure route. What’s wrong with that? What’s wrong with unsecured stuff? Well, first of all, any person in the middle, and that includes your ISP, firewalls, and people sniffing your traffic, can see your traffic if it goes through them.
So that’s bad. Most importantly, they can tamper with that traffic and show you stuff that isn’t right. With encrypted traffic they cannot do that.
So the next thing is: okay, let’s just move everything to HTTPS, and that’s what people are trying to do. Firefox looks like it’s going to do that in the future.
So there is another technology called HSTS. Since we can’t really assume that the server supports port 443, supports TLS, and supports secure communication, we let the server tell us, and that’s what HSTS (HTTP Strict Transport Security) is.
So if you go to an insecure site, and the web server has configured their service for it, it returns a special header which says: please, I know you communicated with me on port 80, insecurely, over the HTTP protocol, but in the future please communicate through HTTPS for the next year. And that’s what it means.
So what the browser will do is say: okay, I’m going to add this domain that I just visited to my HSTS list, so that in the future I don’t have to make the decision. But that now becomes very tricky, because how big is this list, right? I have to maintain a list.
So Firefox is now pushing this, which is really interesting. Another question to you guys: do you think this is going to be the default from now on, and will future browsers make this the default option at all?
Or do you think this can never happen, because we have a lot of government websites that unfortunately don’t have TLS, and if you block those, then it’s going to be a problem, right?
So here’s the thing: Firefox doesn’t really block you, it just gives you the warning “alert: secure connection not available, do you want to continue”.
It gives you an option to continue. Obviously, that’s exactly what they did with TLS 1.1 and TLS 1.0 when they disabled them. But I think that’s good.
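The port decision described above, as an added example (not code from Firefox or from this post): a simplified model of how a browser picks port 80 or 443 for a typed address, combining the legacy default, an HSTS list with expiry, and HTTPS-only mode with its warning fallback. The class and function names are hypothetical, explicit ports are not handled, and, following RFC 6797, the `Strict-Transport-Security` header is honored only when it arrives over HTTPS.

```javascript
// Added example: simplified model of a browser's scheme/port decision.
// HstsStore and planConnection are hypothetical names, not Firefox internals.

class HstsStore {
  constructor() { this.entries = new Map(); } // host -> { expires, includeSubDomains }

  // Record a Strict-Transport-Security header. RFC 6797: the header only
  // counts on an HTTPS response; over plain HTTP it is ignored.
  note(host, scheme, headerValue, nowMs) {
    if (scheme !== "https" || !headerValue) return false;
    let maxAge = null, includeSubDomains = false;
    for (const part of headerValue.split(";")) {
      const [name, value = ""] = part.trim().split("=");
      if (name.toLowerCase() === "max-age") maxAge = parseInt(value.replace(/"/g, ""), 10);
      if (name.toLowerCase() === "includesubdomains") includeSubDomains = true;
    }
    if (maxAge === null || Number.isNaN(maxAge)) return false;
    if (maxAge === 0) { this.entries.delete(host); return true; } // max-age=0 removes the entry
    this.entries.set(host, { expires: nowMs + maxAge * 1000, includeSubDomains });
    return true;
  }

  // True if host, or a parent domain with includeSubDomains, has an unexpired entry.
  covers(host, nowMs) {
    const labels = host.split(".");
    for (let i = 0; i < labels.length; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (e && e.expires > nowMs && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
}

// Decide where to connect for what the user typed in the address bar.
function planConnection(typed, store, httpsOnlyMode, nowMs) {
  const m = /^(https?):\/\/(.*)$/i.exec(typed);
  const scheme = m ? m[1].toLowerCase() : "http"; // no scheme typed: legacy guess is HTTP
  const host = (m ? m[2] : typed).split("/")[0].toLowerCase();
  if (scheme === "https") return { host, port: 443, reason: "explicit https" };
  if (store.covers(host, nowMs)) return { host, port: 443, reason: "hsts" };
  // HTTPS-only mode: always try 443 first; on failure warn instead of silently using port 80.
  if (httpsOnlyMode) return { host, port: 443, reason: "https-only", onFailure: "warn" };
  return { host, port: 80, reason: "legacy default" };
}
```

The very first visit to a site with no HSTS entry still goes to port 80 unless HTTPS-only mode is on, which is the gap the mode closes.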
I think if we do this, then web servers will be forced to upgrade their services, because now it’s just easier than ever. I mean, with a service like Let’s Encrypt and on-demand TLS, this is now easier than ever.
What do you guys think about this change? Do you think it’s going to be persistent, and do you think all the browsers will make it the default? Let me know in the comment section below.