Changes

Timeline of HTTPS adoption

2,255 bytes added, 00:29, 19 November 2017
no edit summary
| 2010 || {{dts|June 17}} || Browser extension || HTTPS Everywhere || || The {{w|Electronic Frontier Foundation}} and {{w|The Tor Project, Inc}} launch {{w|HTTPS Everywhere}}, a {{w|Firefox}} extension, to make Firefox use HTTPS where possible.<ref>{{cite web|url = https://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension|title = Encrypt the Web with the HTTPS Everywhere Firefox Extension|last = Eckersley|first = Peter|date = June 17, 2010|accessdate = November 19, 2017|publisher = Electronic Frontier Foundation}}</ref> The extension would evolve over the coming years. As of 2017, it is supported on Firefox, Chrome, and Opera.<ref name=https-everywhere>{{cite web|url = https://www.eff.org/https-everywhere|title = HTTPS Everywhere|accessdate = November 19, 2017}}</ref>
|-
| 2010 || {{dts|June 2}} || Browser enhancement || SSL False Start || || A Google team comprising Adam Langley, Nagendra Modadugu, and Bodo Moeller propose SSL False Start, a client-side only change to reduce one round-trip from the SSL handshake.<ref>{{cite web|url = https://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00|title = Transport Layer Security (TLS) False Start|date = June 2, 2010|accessdate = November 19, 2017|publisher = Internet Engineering Task Force}}</ref><ref>{{cite web|url = https://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html|title = SSL FalseStart Performance Results|date = May 18, 2011|accessdate = November 19, 2017|publisher = Chromium blog}}</ref><ref>{{cite web|url = https://www.imperialviolet.org/2010/09/05/blacklisting.html|title = Changing HTTPS|date = September 5, 2010|accessdate = November 19, 2017|publisher = Imperial Violet}}</ref> Despite tests showing that it reduces latency by 30%, the effort would be abandoned in April 2012 because of incompatible incompatibility with some servers doing early HTTPS termination.<ref>{{cite web|url = https://arstechnica.com/information-technology/2012/04/google-abandons-noble-experiment-to-make-ssl-less-painful/|title = False Start’s sad demise: Google abandons noble attempt to make SSL less painful|last = Goodin|first = Dan|date = April 12, 2012|accessdate = November 19, 2017}}</ref>|-| 2010 || {{dts|October 14}} || Proxy/load balancer || AWS Elastic Load Balancing || || AWS Elastic Load Balancing announces support for SSL termination. 
This means that websites hosted on AWS, behind AWS load balancers, can upload their certificates to the load balancer, and have the load balancer take care of the SSL certificate, so that the servers that receive the actual traffic only have to handle HTTP traffic.<ref>{{cite web|url = https://aws.amazon.com/blogs/aws/elastic-load-balancer-support-for-ssl-termination/|title = AWS Elastic Load Balancing: Support for SSL Termination|date = October 14, 2010|accessdate = November 19, 2017|publisher = Amazon Web Services|last = Barr|first = Jeff}}</ref>
|-
| 2011 || {{dts|January}} || Website || Facebook || Opt-in HTTPS-only || {{w|Facebook}} begins allowing logged-in users to opt in to have all their Facebook browsing encrypted by HTTPS.<ref name=facebook-https-default>{{cite web|url = https://techcrunch.com/2012/11/18/facebook-https/|title = Facebook Could Slow Down A Tiny Bit As It Starts Switching All Users To Secure HTTPS Connections|last = Constine|first = Josh|date = November 18, 2012|accessdate = November 19, 2017|publisher = ''TechCrunch''}}</ref>
|-
| 2011 || {{dts|January}} || Standard || OCSP stapling || || RFC 6066, introducing OCSP stapling, is published.<ref>{{cite web|url = https://tools.ietf.org/html/rfc6066|title = Transport Layer Security (TLS) Extensions: Extension Definitions|date = January 1, 2011|accessdate = November 19, 2017}}</ref> OCSP stapling is an alternative approach to the {{W|Online Certificate Status Protocol}} llows the presenter of a certificate to bear the resource cost involved in providing OCSP responses by appending ("stapling") a time-stamped OCSP response signed by the CA to the initial TLS handshake, eliminating the need for clients to contact the certificate authority. RFC 6961 would cover the case of multiple OCSP stapling.<ref>{{cite web|url = https://tools.ietf.org/html/rfc6961|title = The Transport Layer Security (TLS) Multiple Certificate Status Request Extension|date = June 1, 2013|accessdate = November 19, 2017}}</ref>
|-
| 2011 || {{dts|March 15}} || Website || Twitter || Opt-in HTTPS-only || {{w|Twitter}} begins allowing logged-in users to opt in to have all their Twitter browsing encrypted by HTTPS.<ref name=twitter-https-optin>{{cite web|url = https://blog.twitter.com/official/en_us/a/2011/making-twitter-more-secure-https.html|title = Making Twitter more secure: HTTPS|date = March 15, 2011|accessdate = November 19, 2017|publisher = Twitter}}</ref>
|-
| 2011 || {{dts|July 15}} || Proxy/load balancer || Nginx || || GlobalSign, DigiCert, Comodo and NGINX Inc. announce a joint effort to add OCSP-stapling support to Nginx.<ref>{{cite web|url = https://www.nginx.com/press/globalsign-digicert-and-comodo-collaborate-nginx-improve-online/|title = GlobalSign, DigiCert and Comodo Collaborate with NGINX to Improve Online Trust through Enhanced Certificate Revocation Checking, sign a Sponsorship Agreement. New version of the popular NGINX web server to support OCSP-stapling|date = July 15, 2011|accessdate = November 19, 2017|pubblisher = NGINX, Inc.}}</ref>
|-
| 2011 || {{dts|October 18}} || Website || Google Search || Default HTTPS-only || Google makes HTTPS (using SSL) the default option for its search users who are logged in on google.com (its US site; regionally branded sites are not affected).<ref>{{cite web|url = https://googleblog.blogspot.in/2011/10/making-search-more-secure.html|title = Making search more secure|date = October 18, 2011|accessdate = November 19, 2017|publisher = Google}}</ref><ref>{{cite web|url = http://www.eweek.com/security/google-makes-https-encryption-default-for-search|title = Google Makes HTTPS Encryption Default for Search|last = Boulton|first = Clint|date = October 18, 2011|accessdate = November 19, 2017|publisher = eweek}}</ref><ref>{{cite web|url = https://searchengineland.com/google-to-begin-encrypting-searches-outbound-clicks-by-default-97435|title = Google To Begin Encrypting Searches & Outbound Clicks By Default With SSL Search|last = Sullivan|first = Danny|date = October 18, 2011|accessdate = November 19, 2017|publisher = Search Engine Land}}</ref> In particular, webmasters receiving traffic from Google Search will no longer be able to know the search terms that led to a specific visit.<ref>{{Cite web|url = https://analytics.googleblog.com/2011/10/making-search-more-secure-accessing.html|title = Making search more secure: Accessing search query data in Google Analytics|date = October 18, 2011|accessdate = November 19, 2017}}</ref><ref>{{cite web|url = https://searchengineland.com/google-puts-a-price-on-privacy-98029|title = Google Puts A Price On Privacy|last = Sullivan|first = Danny|date = October 22, 2011|accessdate = November 19, 2017}}</ref>
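Review bot: In the SSL False Start row, the row separator is fused onto the end of the last reference (`</ref>|-| 2010 || {{dts|October 14}}`), so the AWS Elastic Load Balancing entry does not start its own table row; put `|-` on its own line, start the AWS row on the next line, and keep its description on one line instead of breaking after "SSL termination." The same row reads "incompatible incompatibility", which should be "incompatibility". In the OCSP stapling row, "{{W|Online Certificate Status Protocol}} llows the presenter" has lost text before a truncated "allows", and the sentence needs to be restored. In the Nginx row the cite parameter is spelled `pubblisher` and should be `publisher`. The 2010 rows are also out of date order: June 17 (HTTPS Everywhere) is listed before June 2 (SSL False Start).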