HTTPS Enforcement Furthered in Firefox 17 – Upcoming Release
Mozilla has engineered new “rules” to enforce HTTPS for certain websites. Mozilla calls the new technology, to be included in Firefox 17 (currently in BETA), HTTP Strict Transport Security (HSTS). It is a technology mechanism that shall force certain websites to engage HTTPS connection with the browser, as long as it matches the security certificate presented.
In other words, it gives the ability to Firefox to read SSL certificates, and check to be sure they are legitimate. Once it’s verified, and matched, it will force the site loaded to be in HTTPS, even if the browser receives a HTTP request.
“When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user’s security,” Mozilla claims.
The release of Firefox 17 should be in the next few weeks, according to the release schedule.