Reddit joins the HTTPS-only stampede
Strict Transport Security joins strict new anti-abuse policies
Reddit will soon be served over HTTPS only as part of wider moves to secure the web.
The Front Page of the Internet™ began serving its user-curated pages over secure sockets layer last September, in an effort that took some nine months to complete.
The site has now decided that as of 29 June it will begin pushing all traffic to HTTPS with HTTP Strict Transport Security, phasing out the ability to gobble clear text and eliminating man-in-the-middle attack vectors.
The move will break some Reddit users' scripts, and applications may become useless unless developers tweak code to work with the more secure mechanism.
Site system administrator Ricky Ramirez notified Reddit's millions of users of the change in a brief post.
"You won't have an option to disable this," Ramirez says.
"This is also an industry trend as Google, Facebook, and Wikipedia all force users on to secure connections these days." Secure content will be served through CloudFlare and grant Forward Secrecy for supporting browsers.
The transition to HTTPS is often rough given the need to combat additional overheads. Hand-made tat bazaar Etsy experienced a "thrilling explosion" of errors when it began migrating to full site HTTPS in late 2009.
Ramirez says Reddit employs about one system engineer for every 7.6 million users and adds his team would like to switch on DNSSEC but has no immediate plans to do so.
The popular Python Reddit Api Wrapper which grants easy access to the Reddit API has been updated to handle the site's HTTPS change. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust