Re: git: d25b74fd362c - main - cad/sweethome3d: Change WWW to https

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alexey Dokuchaev <danfe_at_freebsd.org>
Date: Fri, 15 Jul 2022 03:37:14 UTC

On Thu, Jul 07, 2022 at 12:24:18AM -0700, Yuri Victorovich wrote:
> On 7/7/22 00:19, Alexey Dokuchaev wrote:
> > Why?  Aren't we only doing it when there's a redirect?
> 
> https is more secure.

There's always a balance to keep.  While I want security on a page where I
input a password, I'd prefer accessibility when looking at some random web
page about Java program. :-)

> > Now users with old browsers won't be albe to access the website. :(
> 
> Could you please provide an example of browser name/version that doesn't
> understand https?

There are plenty.  And the problem is not they don't understand HTTPS,
they do.  For example, Firefox 20.0 on my old Ubuntu Lucid knows how to
talk HTTPS, but trying to visit https://www.sweethome3d.com/ it gives me:

  Cannot communicate securely with peer: no common encryption algorithm(s).
  (Error code: ssl_error_no_cypher_overlap)

Or with curl -I https://www.sweethome3d.com/

  curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert
  protocol version

With HTTP, both work just fine.  I can even browse the page via "telnet 80"
as I still do sometimes, very convenient.

./danfe