4 comments

[ 2.9 ms ] story [ 23.2 ms ] thread
can someone explain the complexity issue for setting up HTTPS for a large company/service? I setup nginx/letsEncrypt fairly quickly last night, it was my first time messing with nginx + the node applications its running.
What complexity issue?
Not all https are created equal. I am no expert but I understand that you need to tweak and twist your setup to not merely serve your site securely, but also ensure that the latest protocols, cyphers, libraries, etc are used; which means a deeper understanding of your web server software and OS is required.
I agree, encrypting a regular web page seems overkill in many cases. Plain HTTP along with a method for signing should be sufficient enough.