I've just arranged for non-encrypted (HTTP) requests to the Strathspey sites to be redirected to HTTPS, which has been working on Strathspey for a long time but had to be addressed explicitly. I've also enabled ”HTTP Strict Transport Security” which should cause browsers to make any
http://… requests to Strathspey-hosted domains to
https://… instead without even trying HTTP in the first place, once they've accessed the site in the reasonably recent past. (For the time being the holding time for HSTS is only 10 minutes; this will be increased to six months or a year once I'm satisfied it all works, because it's a hassle to undo if anything goes wrong.) This should bring the Strathspey sites up to the standard that is expected in 2019.
Note that this does not apply to the RSCDS Vienna Branch site as for technical reasons I can't obtain an X.509 certificate which covers that site. This will hopefully be fixed in due course.
· · Posted by Anselm Lingnau · 6 December 2019 2:13