Articles I've written

Disable TLS 1.0 & 1.1 today

Microsoft, Google, Apple & Mozilla announced yesterday that they're removing TLS 1.0 and TLS 1.1 protocols from Internet Explorer, Edge, Chrome, Safari & Firefox browsers in the beginning of 2020. Your visitors most probably don't use them already so you can disable them in your server configs today. But let's verify that first using the “Handshake Simulation” tool available in the SSL Labs Server Test.

(read more…)

Browsers are hiding the padlock and it's a Good Thing™
October 15, 2018

Magical properties are often attributed to the padlock icon 🔒 which marks “secure” pages. For example, you'll often hear that the icon indicates trustworthy websites that won't abuse your data and passwords. The padlock is gradually being removed and that's a Good Thing™. But why?

(read more…)

Not secure: Chrome and HTTP websites
July 25, 2018

Chrome started marking all HTTP websites as Not secure yesterday (on my birthday, what a gift!) with their release of Chrome 68. The treatment is not a red warning yet, just a gray (i). And there's a lot of busy czech websites getting that treatment. And how did we get here anyway and what's next?

(read more…)

Last dates for Intro to PHP, Classes & objects in PHP training
October 10, 2017

The time has come and after 6 years I'm closing my public training Introduction to PHP and Classes and objects in PHP, the last round this December. I'm also writing some new courses.

(read more…)

Chrome, ERR_SPDY_PROTOCOL_ERROR, and an invalid HTTP header
August 28, 2017

When migrating your site to a more performant HTTP/2 protocol, it may happen that Chrome will not load a page and will display This site can’t be reached with ERR_SPDY_PROTOCOL_ERROR instead. HTTP/2 is derived from the earlier SPDY protocol, that's probably why the error message doesn't mention HTTP/2 at all.

(read more…)

Do you need a TLS/SSL certificate for your website?
August 10, 2017

All articles