Skip to main content

Reddit announces full HTTPS support to secure connections

Following the industry trend, Reddit has announced all connections between users and the site will now be secure through HTTPS with HTTP Strict Transport Security, removing most of the middle-man attacks that can happen on unsecured lines.

Reddit started working on secure socket layers in September 2014, announcing plans to make the “front page of the Internet” safer for its 100 million active users.

“Nearly 1 year ago we gave you the ability to view reddit completely over SSL,” said system administrator Ricky Ramirez in a board post. “Now we're ready to enforce that everyone use a secure connection with reddit.”

All subreddits will be forced to work under HTTPS, meaning some of the custom CSS or script features on a subreddit will need to be updated to work over a secure network.

Transition to HTTPS is not a problem for the end user, who normally notices no difference between the two. On Reddit, it may be a problem for subreddit owners, with things like JavaScript and other elements vulnerable to middlemen attacks blocked by default.

Some subreddit mods have already worked on patching the custom design to make it suitable for the HTTPS rollout, expected to happen on the 29th of June.

It plans to add further security in the near future, but with such a small team handling all of Reddit it is hard to push these updates frequently. Ramirez said Reddit has one system engineer for every 7.6 million users, making it a monumentus task for the news board.