I’ve found I use these URLs a lot and it’s a bit annoying having to wait sometimes 5 seconds before it even starts to load the page I want. I understand all the steps it’s taking, but would it be possible to optimise? (I’d be happy to help because I know it’s not a priority for you, but I’m a stranger on the internet)
On my own server at home - which has nothing secure on either and I happily left running as a dumb HTTP server for 15 years - I had to install Nginx as an HTTPS wrapper around it, for one single reason: modern browsers give you increasingly ungodly amounts of shit when you connect to “insecure” sites nowadays.
This annoys me no end, as it’s my own server, it’s running inside my house behind my firewall, and it’s for my family. But now they’re being served with “connection insecure” pages that they can’t even override anymore, with no option to disable it. So… HTTPS and dealing with valid certificates even when you don’t need any of this.
Yes, by setting the HSTS (Strict Transport Security) header so we directly connect to https. TLS all the things, even if they seem to not need it. There’s at least the threat of men in the middle redirecting to IAR! TLS with HSTS prevents that, it forces TLS even when requesting http links. After loading the page once, browsers will only connect over https.
Yes, once, but that will be cached by browsers (for as long as you specify) and then it won’t try http again.
So it’s always just 1 request, but almost only https.
Why should there be anything unencrypted?
There is no reason not to do that.
No extra request, as explained above.
It’s not much work.
No, in all honesty, this isn’t really a vulnerability, so I don’t care too much, but it’s a security enhancement. It might stop a man-in-the-middle attack, and a little bit less clear text traffic in the world is good.
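The caching behaviour described in the replies above, modelled as an added example (not code from any poster or from a real browser): the header is honoured only when it arrives over HTTPS, is remembered for `max-age` seconds, and after that `http://` links to the host are rewritten before any request is sent. The class name `HstsStore`, its methods and the hostnames in the test are hypothetical; the rules follow RFC 6797.

```python
import time
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    """Minimal model of a browser's HSTS cache (rules per RFC 6797)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._hosts = {}  # host -> (expiry timestamp, include_subdomains)

    def observe(self, url, header):
        """Record a Strict-Transport-Security header seen on a response to url."""
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme != "https" or not host or ":" in host or host.replace(".", "").isdigit():
            return  # ignored on plain-HTTP responses and for IP-literal hosts
        max_age, subdomains = None, False
        for directive in header.split(";"):
            name, _, value = (p.strip() for p in directive.partition("="))
            if name.lower() == "max-age":
                value = value.strip('"')
                if not (value.isascii() and value.isdigit()):
                    return  # malformed header: ignore it entirely
                max_age = int(value)
            elif name.lower() == "includesubdomains":
                subdomains = True
        if max_age is None:
            return  # max-age is mandatory
        if max_age == 0:
            self._hosts.pop(host, None)  # max-age=0 clears the entry
        else:
            self._hosts[host] = (self._clock() + max_age, subdomains)

    def _is_known(self, host):
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # a parent domain's entry only applies if it set includeSubDomains
            if entry and entry[0] > self._clock() and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self._is_known(parts.hostname):
            return url
        port = parts.port  # port 80 maps to the default HTTPS port, others are kept
        netloc = parts.hostname if port in (None, 80) else f"{parts.hostname}:{port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

The first visit to a host is not covered by the cache: until an HTTPS response has delivered the header, `rewrite` returns the `http://` URL unchanged.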
I have absolutely no experience with Nginx, but I’m a great hack and I survive at work thanks to my Googlefingers. What I’m trying to say is that this seems like it’s super relevant, but I can’t be sure since I don’t… damnit, I’m rambling.