Reddit announces switch to HTTPS-only
With a short note posted on the site’s developers subreddit, reddit – the so-called “front page of the internet” – has announced that starting with June 29, the site will be served only over HTTPS.
The site has been available over HTTPS since September last year, but the protection was optional.
“When using HTTPS on reddit, your connection will be fully encrypted. Anyone watching your connection (such as WiFi hotspot providers) will be unable to see the plain-text contents of what your browser is communicating with reddit. This helps ensure that your communications with reddit, including your authentication credentials and cookies, will not be viewable through the use of man-in-the-middle attacks,” reddit sysadmin Jason Harvey explained at the time.
“HTTPS is being served via our new CDN, CloudFlare. The server’s preferred cipher suites make use of ECDHE, meaning that HTTPS connections to reddit will have Forward Secrecy for browsers which support those cipher suites.”
HTTPS will now not only be the default, but also mandatory.
“You won’t have an option to disable this,” system administrator Ricky Ramirez wrote. “This is also an industry trend as Google, Facebook, and Wikipedia all force users on to secure connections these days.”
Google has also created a good incentive for websites to start using HTTPS – those who do will be ranked higher in Google Search results.
Ramirez announced the move on the developers subreddit because the switch will have an adverse affect on various scripts and apps – developers will have to make changes in order for them to perform properly.
When asked if they are planning to enable DNSSEC on reddit.com, Ramirez shared that they would like to, but that there is no immediate plan for it, as they currently lack personnel to work on that.