I'm currently in the middle of an experiment where I reject insecure outgoing HTTP requests, and it turns out this breaks Steam in some significant ways:
-
The store page simply displays the following message:
Error Code: -102
Unable to connect to server. Server may be offline or you may not be connected to the internet.
- Game updates never get anywhere.
So it appears that both the store and game updates are served through insecure HTTP. This has both security and privacy implications, so I'd like to know if there is any way for me to force Steam to use secure protocols for at least the store and game updates.
For the record: The Steam client is definitely online, because their support, served over HTTPS, works fine. I've also asked Steam support about this.
Best Answer
No, this is not possible. At the time of writing, navigating to https://store.steampowered.com/ will result in a temporary redirect to http://store.steampowered.com/. I suspect a similar thing will happen for update-urls, but I don't currently have one ready to test with.
Regardless of what sorcery you would perform to upgrade such requests, steam will downgrade those requests again.