I’ve been using CloudFlare to provide SSL on my documentation sites hosted on GH Pages for around 12 months with excellent reliability. The only caveat I’ve found so far is that a number of browsers and especially corporate proxies do not support the certificates and SSL protocols used by CloudFlare, resulting in failed connections. This is a problem across all CloudFlare sites though, so something to look out for if you need access from behind such a setup.
The only caveat I’ve found so far is that a number of browsers and especially corporate proxies do not support the certificates and SSL protocols used by CloudFlare
Wow, hello! So far it seems like the McAfee corporate products are the most common failures. I deal with about 20 calls a day within my company and from what I've heard this isn't a unique experience. The versions our security team use are probably about 3 years out of date but the new cloud product they're migrating to has shown similar symptoms where the connection fails and the client shows a standard 'Server Failed to Connect's. The team managing the existing proxy had provided some connection logs, I'll try and dig them out.
Found them. The comments from the security team suggest the (admittedly out of date) proxy appliance can’t handle the combination of modern TLS ciphers, H/2 and multiple hosts on a SAN cert, and in this scenario, results in a connection failure that from the end user perspective looks like a site issue. In the case of the new cloud service, the problem is specifically related to the new TLS versions and long lived connections, but which I haven’t been able to recreate from the corporate Akamai setup with the same site behind it. Small sample size though...
I use GitHub Pages with a custom domain to publish a static blog. I post about once a month and my audience is small. Would someone please explain why I should worry about HTTP vs. HTTPS?
Chrome will shortly be flagging all sites without HTTPS as insecure, so at the very least the benefit is cosmetic. From an overall health of the internet perspective, modern SSL ensures no tampering or other misbehaviour on the line. Google covered some other benefits of SSL in a post from September - https://developers.google.com/web/fundamentals/security/encr...