We deliver great software, fast.

By pushing the boundaries of traditional process and technology, we seek to redefine the way you think about software development.

Quick Links

• Projects
• Products
• Open Source

SSL Everywhere

SSL Everywhere is a Safari web browser extension developed by Near Infinity to force SSL encryption for many of today's popular websites. The extension leverages work done by the Electronic Frontier Foundation's (EFF) HTTPS Everywhere extension for Firefox.

Many of today's websites offer limited support for encryption using SSL, sometimes referred to as HTTPS. They may default to a non-SSL connection, redirect you to a non-SSL version, or include non-SSL links to other pages even while viewing a page encrypted with SSL.

SSL Everywhere fixes some of the problems by automatically redirecting you to secure versions of many websites and rewriting insecure links to their SSL-encrypted equivalents.

As stated on the EFF's HTTPS Everywhere page, "sadly, many sites still include a lot of content from third-party domains that are not available over HTTPS (SSL). As always, if the browser's lock icon is broken or carries an exclamation mark, you may remain vulnerable to some adversaries that use active attacks or traffic analysis." The same can be said for SSL Everywhere.

Status

Although SSL Everywhere does its best to encrypt your connections, it cannot guarantee your protection. If your site doesn't support SSL, SSL Everywhere can't offer you any protection at all. In such a case, please ask the website owner to read the EFF's article on How to Deploy HTTPS Correctly and enable SSL.

Firesheep and SSL Everywhere

Firesheep is a Firefox extension that makes hijacking user sessions on popular websites trivial for anyone on an open WiFi network. These attacks often take place on open WiFi networks in coffee shops, restaurants, hotels, airports, and more. If you don't have to type in a password when joining a wireless network, you're using an open WiFi connection.

Due to limitations placed on Safari extensions, SSL Everywhere will not completely protect you from Firesheep attacks. However, it does enhance security by automatically redirecting you to secure versions of many websites and rewriting insecure links to their SSL-encrypted equivalents. If you must use Safari to access popular websites when connected to an open WiFi network, you're probably better off doing it with SSL Everywhere.

Contributing

SSL Everywhere is open source software license under the same GPL v2 license as HTTPS Everywhere. There are two major ways you can contribute to the SSL Everywhere extension.

1. Improve the SSL Everywhere extension code.
2. Write new rules for additional websites.

If you'd like to improve the SSL Everywhere extension source code or add new features, you can find the source code on the SSL Everywhere Github page.

If you'd like to add to the list of sites protected by SSL Everywhere, please contribute additional rules to the HTTPS Everywhere. We see no reason to duplicate the effort of establishing a solid set of rules for both the HTTPS Everywhere extension for Firefox and SSL Everywhere. Once a rule is added to the HTTPS Everywhere project, we will copy it into SSL Everywhere.

Credits

Special thanks to Michael Flarup for allowing us to use his beautiful Safari World icon for this project. You can find more of his excellent work at PixelResort.