SSL Enforcer forces secure connections on a system-wide level
SSL Enforcer is a new program that is currently available as a free beta version. If other programs of the same developer are anything to go by, it is likely that it won't be available for free after the beta period.
The program works similar to the popular browser extension HTTPS Everywhere but with the difference that it runs independent from any program on the system.
This means that it can enforce secure connections for all processes running on the system.
The application is available as a portable version and installer. The SSL enforcement is enabled by default when you run it and you may run into issues when connecting to servers on the Internet on HTTP ports because of this since sites may not support HTTPS at all.
The program monitors HTTP ports, 80, 8080 and several others by default and to redirect to a secure connection. This works in all web browsers but also other programs that use HTTP connections including RSS readers for example.
All actions are echoed in the log so that you can always check to see what is going on. There are options to display even more information in the log, limit what is being displayed to errors, or display no log at all.
The settings allow you to turn the SSL enforcement off, disable automatic redirects to HTTPS and HTTPS availability checks.
There you find options to exclude processes or hosts from the procedure. This can be important if a host does not support HTTPS. Instead of not connecting to it at all, you can add it to the list of exceptions to have the program ignore connections to that host or that are made by a process specified there.
The ports that are monitored are also listed here and it is possible to add or remove ports from the list.
The program uses little bandwidth for this as it does not make use of tunnels or proxy servers to enforce https connections.
The main issue that some users, especially business users, will have with the program is that it is not open source. This means that it is not possible to vet it to see if it does not do anything that it should not as it manipulates all HTTP traffic.
Good news is that its redirection to secure connections works really well provided that the host supports https connections.
SSL Enforcer is available for Windows and Mac.
For a software that enforces HTTPS, its own website is forcing the RC4 protocol if you want PFS to be used. Not exactly reassuring, since this is a software for people who would probably disable RC4 due to increased risks of using it.
More trouble than it’s worth if you web surf. I had to disable it to visit Ghacks. I have a local html file on my hard drive that loads weather maps. It blocks the maps and other related info. There is a setting to bypass sites that doesn’t seem to work yet. But I doubt that local file will ever work again as SSL Enforcer is installed. This unacceptable.
I’ll keep testing it for awhile. But I don’t see it having much of a future on my computers.
Have you tried adding localhost / local IP to the exclusion list?
No I didn’t think of it.
it needs a feature for every website where it brings up every insecure connection in a list that you can accept or not. Otherwise you have to type all of those domains in the bypass box. I have better things to do than spend all day typing in exceptions. Until most of the websites use SSL this thing in my opinion is a terrible time waster. :(
Thanks for your feedback.
Please consider that this is the first beta.
Soon we plan to add two features that should address your concerns:
1. Optional “best-effort” mode. Redirect to SSL only when it is available. Otherwise, keep using unsecure connection.
2. Add exceptions from the browser when SSL Enforcer blocks a web site.
Please feel free to contact us directly if you have any questions or suggestions.
Just add a ONE-CLICK option to allow http connection, white-list is tedious and it is not necessary for such software that only redirects to https.
it should look like :
1.Secure alternative: https://
HTTPS is not available for https://www.wwe.com
2.Unsecure alternative: http://
Thanks a lot for the great software, it makes life simple and secure.
It doesn’t exactly make it easy to add exceptions.
Can’t paste into the box provided, let alone right click on address in the log file and add it.
Good suggestion. We will add this feature in one of the next versions.
Russians, always making life simple and secure, it is very hard to find an addon for firefox to redirect to https without refreshing the whole page or typing the full url,
It just needs the option to allow http connection for a site that does not support https,
1.Secure alternative: https
HTTPS is not available for https://www.wwe.com
2. insecure alternative http
Please make it simple with just ONE click to allow some sites to use http, instead of the tedious white-listing option
Thanks a lot for the great software