Posted on 19/8/2014, 11:58 am, by Colin Charles, under
Tech.
I read this: HTTPS as a ranking signal. You should then also read this: My blog doesn’t need HTTPS.
Frankly, I agree with Dave Winer here – blogs and many websites/publications don’t need to deliver content over HTTPS. For Google to say they are going to use this as a signal for PageRank, is kind of nasty.
SSL on sites is also likely to spur IPv6 further – many SSL sites, especially e-commerce (whom I think need SSL), need to have a unique IP per site. Soon we’ll have blogs require an IP/site. Of course, there are workarounds to this, but not all web browsers support this.
You can then see that sites like Cloudflare tell you that this is now provided with their Pro plans – a great way to start charging free accounts. You can also get your own SSL certs (which you’ll have to add on as a yearly fee), and then maybe pay more for hosting…
For testing, use Why No Padlock? and Qualys SSL Labs SSL Server Test.
Posted on 17/4/2014, 1:25 pm, by Colin Charles, under
MariaDB,
MySQL.
With the recent Heartbleed bug, people are clearly more interested in their MariaDB/MySQL running with SSL and if they have problems. First up, you should read the advisory notes: MariaDB, Percona Server (blog), and MySQL (blog).
Next, when you install MariaDB (or a variant) you are usually dynamically linked to the OpenSSL library that the system provides. Typically on startup of MariaDB 10.0.10 on CentOS 6.5 (packages from the MariaDB repository), you can check what your status of SSL is.
MariaDB [(none)]> show variables like 'have_ssl';
+---------------+----------+
| Variable_name | Value |
+---------------+----------+
| have_ssl | DISABLED |
+---------------+----------+
1 row in set (0.00 sec)
This means that SSL options are compiled, but mysqld didn’t start with it. You can verify SSL is linked dynamically:
ldd `which mysqld` | grep ssl
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007ff82d1b1000)
If you are running with SSL enabled (some documentation at MySQL) you will have different options naturally. You can do this via: /etc/init.d/mysql start --ssl. Output now changes:
MariaDB [(none)]> show variables like 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl | YES |
+---------------+-------+
1 row in set (0.00 sec)
The value NO will be displayed if the server is not compiled with SSL support. See SSL Server System Variables for more.