
HTTPS with a Custom Domain on GitHub Pages - jgrahamc
https://lukeb.co.uk/2018/01/02/HTTPS-With-A-Custom-Domain-On-GitHub-Pages/
======
PebblesHD
I’ve been using CloudFlare to provide SSL on my documentation sites hosted on
GH Pages for around 12 months with excellent reliability. The only caveat I’ve
found so far is that a number of browsers and especially corporate proxies do
not support the certificates and SSL protocols used by CloudFlare, resulting
in failed connections. This is a problem across all CloudFlare sites though,
so something to look out for if you need access from behind such a setup.

~~~
jgrahamc
_The only caveat I’ve found so far is that a number of browsers and especially
corporate proxies do not support the certificates and SSL protocols used by
CloudFlare_

Which browsers and which proxies?

~~~
PebblesHD
Wow, hello! So far it seems like the McAfee corporate products are the most
common failures. I deal with about 20 calls a day within my company and from
what I've heard this isn't a unique experience. The versions our security team
use are probably about 3 years out of date but the new cloud product they're
migrating to has shown similar symptoms where the connection fails and the
client shows a standard 'Server Failed to Connect's. The team managing the
existing proxy had provided some connection logs, I'll try and dig them out.

~~~
PebblesHD
Found them. The comments from the security team suggest the (admittedly out of
date) proxy appliance can’t handle the combination of modern TLS ciphers, H/2
and multiple hosts on a SAN cert, and in this scenario, results in a
connection failure that from the end user perspective looks like a site issue.
In the case of the new cloud service, the problem is specifically related to
the new TLS versions and long lived connections, but which I haven’t been able
to recreate from the corporate Akamai setup with the same site behind it.
Small sample size though...

~~~
jgrahamc
Thanks. Mind emailing me details? jgc @ cloudflare . com.

------
chmaynard
I use GitHub Pages with a custom domain to publish a static blog. I post about
once a month and my audience is small. Would someone please explain why I
should worry about HTTP vs. HTTPS?

~~~
PebblesHD
Chrome will shortly be flagging all sites without HTTPS as insecure, so at the
very least the benefit is cosmetic. From an overall health of the internet
perspective, modern SSL ensures no tampering or other misbehaviour on the
line. Google covered some other benefits of SSL in a post from September -
[https://developers.google.com/web/fundamentals/security/encr...](https://developers.google.com/web/fundamentals/security/encrypt-
in-transit/why-https)

~~~
chmaynard
Makes sense to me. Apparently GitHub doesn't agree, because they don't still
support HTTPS for custom domains.

