[#8432] - Feature Request: Improvements to the SSL Config (proposal)
- Closed
- 23 Nov 2015
- Medium
- Build: master
- # 8432
Reason
Arround the 3 December the public beta of https://letsencrypt.org starts and offer free ssl certs
Proposal
To improve the securtiy by using this free Certs selectively and not globaly (to both the network load and computing power and thus avoid unnecessary stress to the response times) here are a Proposal.
Currently the SSL Config is a bit hidden. (Menu entry > Metadata > SSL)
Maybe this config can be moved to a better place.
1.) Global Config from com_menu SSL yes / no / (ignore).
2.) For the menu entrys Global Config (default) / Yes / No
Joomla Bugs Ref:
Proposal was done by ach-ja and Re:Later from Germany (see link)
http://www.joomla-bugs.de/forum/index.php/topic,695.msg3188.html (german)
Thanks.
The trend in the next years will be to switch the full site (the entire internet actually) to HTTPS.
Log-In using HTTPS and then browsing the page using HTTP doesn't work anyway since the cookie will not be available to non-HTTPS URLs.
Thus I'm not so sure if it makes sense to make that option more prominent. The opposite may become true once that service goes live.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-11-23 13:25:03 |
| Closed_By | ⇒ | zero-24 |
On the Global Configuration, under the Server tab, there is already a "Force SSL" option which can force SSL for only the admin or the entire site.
For the config in the menu item, that looks to allow a per-item override (the default Ignore looks to be the same as the "Use Global" option in other places) if your site defaults to HTTP.