Force HTTPS on [merged]

Hi. I have noticed that can be accessed either
in http ot https, depending how the user manually spells the address.
But I think it would be more secure if SSL/TLS is implemented by default on this
forum, especially when it’s already there. Opinions? :slight_smile:

Hi cocalaur,
I agree it should be default, I force secure connections using Dragon. :-TU

Kind regards.

I agree. SSL should be enabled by default for the forums. :-TU

Yes, HSTS should be enabled (and CVE-2014-0224 fixed). TLS everywhere! :smiley:

It should be easy enough to redirect user from http to https.

Sometimes, does not load with HTTPS at all,
but since the protocol is already there and can be input manually
in the address bar, why not make it default?

I merged two topics.

For those who have not already voted please don’t forget to.

HSTS is now enabled for,,,,, etc. :slight_smile: :-TU

Now just add a preload token and submit here. :wink:

TLS_FALLBACK_SCSV is also enabled, to prevent downgrade attacks. :-TU