So what does this mean? Well, HTTP Strict-Transport-Security (HSTS) is implemented in Firefox 4, and that's a pretty similar technology to Force-TLS. In fact, it is nearly identical except there's no UI in Firefox 4. If you install Force-TLS, you'll get a UI and also get the built-in HSTS support that's implemented much more completely and efficiently than any add-on. A while ago, I blogged about an experimental add-on called STS-UI that adds a UI to HSTS; Force-TLS shows essentially the same user interface but I've been wanting to keep both the back-end for Firefox 3.x and the front-end for all versions of Firefox in the same add-on.
So what's new in version 3.0.0?
- Smarter: The invisible bits of Force-TLS are restructured to use the custom HTTPS-upgrading and header-noticing bits for earlier Firefox versions but use the HSTS back-end built into Firefox 4 when it's available.
- Better: A few bugs in the user interface were fixed.
- Organized: I've moved the code into an open source repository.
I've got a list of enhancements queued up for the next version of Force-TLS, but not a whole lot of time to work on it. If you'd like to help make Force-TLS more awesome, send an email to forcetls@sidstamm.com
Previously:
Hey Sid, Thanks!
ReplyDeleteIt works fine, but it's really hard to set up from Firefox 4 on Windows, since to get access to the Tools menu you have to open the menu bar, which is off by default.
ReplyDelete@mmc: Hm, yeah, that kind of sucks. I'll fix that in an upcoming release.
ReplyDelete