Hacker News new | ask | show | jobs
by alaaibrahim 3859 days ago
Yeah, and please send me a free flying car while you are at it.

Obviously everybody would like that, but it's not as easy as it seams. As github pages, technically are virtual domains, they share the same ip with many other pages, if you want to support https, you need to serve either each page on a different ip (not free), or they need a to configure multidomain ssls (which everytime they need to add a new domain, that means they have to reset the certificate for the other domains on the same ip), and I think there is a limit on the number of domains that can share the same ip - citation needed - . And all of this for free.

Want SSL on gh pages, setup a proxy infront of gh pages.
3 comments
0x0 3859 days ago
Or you can use a web server that supports SNI. You'd lose android 2.x and ie@winxp clients though, but those will be lost anyways soon due to outdated cipher suites and certificate hash algorithms
link
alaaibrahim 3859 days ago
> configure multidomain ssls (which everytime they need to add a new domain, that means they have to reset the certificate for the other domains on the same ip),

Sorry should've called it SNI.

link
0x0 3859 days ago
Multidomain certs are not the same thing as SNI.
link
alaaibrahim 3859 days ago
Thank you, learned something new today.
link
ekidd 3859 days ago
As github pages, technically are virtual domains, they share the same ip with many other pages, if you want to support https, you need to serve either each page on a different ip (not free), or they need a to configure multidomain ssls

If you use SNI, you can serve multiple SSL-protected domains from a single IP. Happily, this is supported by 97.6% of web browsers these days: http://caniuse.com/#feat=sni In fact, most browsers which don't support SNI have been end-of-lifed and are no longer receiving security updates. So unless you still need to support Windows XP or Android 2.x, you can now generally host multiple SSL-protected domains on 1 IP address.

link
byroot 3859 days ago
No, you also have SNI (Server Name Indication), it totally solve this problem.

The only downside is that IE on Windows XP doesn't support it. But for a free service it's good enough.

link