Why does FreeBSD insist on https?
Mel Pilgrim
list_freebsd at bluerosetech.com
Sat Apr 4 01:42:16 UTC 2015
On 2015-04-03 18:30, jd1008 wrote:
>
>
> On 04/03/2015 07:22 PM, David Benfell wrote:
>> Quoting jd1008 <jd1008 at gmail.com>:
>>
>>> On 04/03/2015 02:28 AM, Mel Pilgrim wrote:
>>>> On 2015-04-03 00:32, Nino J wrote:
>>>>> Just bear in mind that the OP mentioned redirect to https. That
>>>>> means that
>>>>> the initial request to the exact URL (i.e. before being redirected and
>>>>> switching to https) is visible.
>>>>
>>>> Which is why we have HSTS. Packaged HSTS lists prevent the browser
>>>> from ever sending an uncrypted URL.
>>>>
>>>> ________
>>> Unfortunately, too many web sites do not have HSTS installed in the
>>> http server.
>>> I have seen it in many web sites.
>>
>> I've been using Qualys SSL Check to catch details like this. The word
>> probably *does* need to be put out better that you have not properly
>> configured a web site unless you've visited a site like this and checked.
> Huh???
> Did you omit some words from your sentence?? :) :)
> Honestly, I do not quiet get the gist of your post.
He means that testing using a tool like Qualys' SSL Server Check should
be a requirement for website configuration.
More information about the freebsd-questions
mailing list