Secure website connection (HTTPS)

Why

• Does my site need HTTPS?
• "Why HTTPS for Everything?" by CIO.gov
• "Still think you don't need HTTPS?"by Scott Helme

Usage statistics

• .nl statistics on HTTPS by SIDN Labs
• "Percentage of Web Pages Loaded by Firefox Using HTTPS"
• "HTTPS Usage" by Google
• Pulse - TLS1.3 metric by Internet Society

Background information

• "IT Security Guidelines for Transport Layer Security (TLS), v2.1" by NCSC-NL
• "ICT security guidelines for web applications" by NCSC-NL (in Dutch)
• Mozilla SSL Configuration Generator
• Bettercrypto.org
• How HTTPS works

Specifications

HTTPS

• RFC 9110: HTTP Semantics
• RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
• RFC 5246: The Transport Layer Security (TLS) Protocol, Version 1.2
• RFC 9325:Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
• RFC 6797: HTTP Strict Transport Security (HSTS)

CAA

• RFC8659: DNS Certification Authority Authorization (CAA) Resource Record
• RFC8657: Certification Authority Authorization (CAA) Record Extensions for Account URI and Automatic Certificate Management Environment (ACME) Method Binding
• Baseline Requirements by Certification Authority Browser Forum
• Certification Authority Restriction Properties by IANA

DANE

• RFC 6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA