HTTPS or SSL or TLS or whatever you want to call it can be a confusing beast. Some say it’s just about protecting your password and banking info whilst the packets are flying around the web but I’ve long said that SSL is not about encryption.
As an indication of how tricky the whole situation is, OWASP talks about insufficient transport layer security. Not “have you done it right” or “have you done it wrong”, rather have you considered all the little nuances that go into the correct implementation of this invaluable security feature.
Naturally, when this tweet from Mark Hemmings popped up on my timeline, I was a little intrigued: