This extension enforces encryption for websites that support it as much as currently possible in Chrome. This gives you added security and privacy for your browsing automatically and transparently. This is particularly important on insecure networks, such as public wifi in e.g. coffee shops and hotels.
It is not completely secure against the infamous Firesheep, but it does minimize the risk greatly. See the section on complete enforcement for technical details and more on when this will be possible. More Info »
- Automatically detects if a site supports SSL (TLS) and redirects you to it
- Flexible options for overriding the auto-detection
- Caches which sites support SSL (respects incognito mode)
- Open source (GPLv2 or later)
Due to Chrome limitations KB SSL Enforcer redirects while the page is loading. This can give a quick flicker of the unencrypted page, but it redirects you as fast as possible.
This first insecure request could send a cookie in the clear, which would give anyone with tools like Firesheep an opportunity to use your account on that site. But this only happens if they catch it during that first request and if it includes sensitive information, such as your logged in session.
The request for the ability to intercept requests in Chrome before they leave the browser, is currently their most starred issue:
It's followed specifically for this extension in issue 25:
Any questions or feedback are welcome in the issue tracker linked above, which has features to manage and notify people of any issues, so they can be fixed and we can all have a better extension. Please keep the user reviews section of this page to just reviews. Thanks.
Developed by KB IT: