Blocking improper SSL connections

Even if a Web site hosted with us doesn’t have an SSL certificate, our servers used to accept improper secure SSL connection attempts that start with “https://” instead of “http://” in the beginning of the URL (note the extra “s”). We’re changing that.

Those kinds of connection attempts cause Web browser security error messages about an “SSL certificate mismatch”. While you could theoretically click past the warnings and use your site like that anyway, that’s not how things are supposed to work. The warnings are so alarming that they incorrectly make people think a site has been “hacked”, and allowing the attempts causes obscure technical problems with some software that expects connections to be completely rejected if a valid SSL certificate doesn’t exist.

Because of that, we’re going to start blocking these improper SSL connection attempts entirely in most cases, which will change the security error messages to “connection failed” error messages instead. Nobody should actually see any problems as a result, though, because site visitors shouldn’t be trying to make SSL connections to a non-SSL site to begin with.

If you want to properly use SSL security with your site, please see our detailed SSL help pages that explain how you can do it. It’s inexpensive (and even free in some cases).