Nov'2014: why it's overdue: If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on https by the end of 2015 and pledge your support with the hashtag #https2015.
Dec'2012 recommendations from some friends - note this is relevant to a many-server environment
- RapidSSL is a good certificate vendor
- get wildcard certs so you can use them across hosts and servers in the same domain
- run SSL in the Load Balancer-s, not on AppServer-s - see Load Balancing
- Terminate in (Load Balancing) hardware? See comments for interesting issues....
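What a wildcard certificate covers "across hosts in the same domain" is narrower than it sounds. The following is an added example, not part of the original notes: a small check of a host inventory against a certificate's names, using the common strict matching rule (the `*` must be the whole leftmost label and stands for exactly one label). The function names and the `example.com` inventory are constructed for illustration.

```python
def _labels(name):
    # Hostnames compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if a certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard never spans label boundaries, so label counts must agree.
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # Strict rule: '*' only as the entire leftmost label, never alone on
        # a top-level domain. Real clients also consult a public-suffix list
        # (e.g. to refuse '*.co.uk'); that lookup is omitted in this sketch.
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    # Partial wildcards such as 'w*.example.com' are rejected outright.
    if any("*" in label for label in p):
        return False
    return p == h


def uncovered_hosts(cert_names, hosts):
    """List the hosts that none of the certificate's names cover."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inventory for illustration.
INVENTORY = [
    "www.example.com",
    "api.example.com",
    "WWW.Example.COM.",      # same host, different spelling
    "example.com",           # bare domain: needs its own name on the cert
    "db.internal.example.com",  # two levels down: not covered
]

if __name__ == "__main__":
    print(uncovered_hosts(["*.example.com"], INVENTORY))
    print(uncovered_hosts(["*.example.com", "example.com"], INVENTORY))
```

The bare domain and any deeper subdomain need their own entries (or a second wildcard) on the certificate.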
Historically, SSL has been considered expensive, and handled in separate computers with specialized accelerating hardware.
Heartbleed is a security bug disclosed in April 2014 in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client.