Apple has announced that it will increase Safari’s security starting September 1, when the browser will only accept HTTPS certified websites issued in the past 13 months.
This change of a technical nature it will have positive repercussions on users, who can only navigate through Safari websites in HTTPS.
HTTPS is a secure version of the standard HTTP web protocol, with communication between the user and the server being encrypted in both directions. HTTPS provides authentication of the website and associated web server with which one of the parties is communicating, protecting communication from attacks through technology man in the middle where someone creates a WiFi hotspot with an apparently innocent name and then acquires all the traffic that goes through it. With HTTP, all content, including usernames and passwords, would be visible in plain text. With HTTPS, everything the attacker sees would be indecipherable.
To allow a browser to connect to an HTTPS website, the system verifies that the site has a valid safety certificate. These certificates only demonstrate that a website was using the latest HTTPS encryption standard at the time of issue, so a previous issue date carries a greater risk that the site is not using the most secure version of the protocol.
Safari accepts certificates issued up to 825 days ago, but only HTTP sites with certificates issued in the last 398 days (13 months) will be accepted from September 1. For this, Apple recommends that webmasters update their certificates as soon as possible.