Why does FreeBSD insist on https?
benfell at parts-unknown.org
Sat Apr 4 01:22:09 UTC 2015
Quoting jd1008 <jd1008 at gmail.com>:
> On 04/03/2015 02:28 AM, Mel Pilgrim wrote:
>> On 2015-04-03 00:32, Nino J wrote:
>>> Just bear in mind that the OP mentioned redirect to https. That means that
>>> the initial request to the exact URL (i.e. before being redirected and
>>> switching to https) is visible.
>> Which is why we have HSTS. Packaged HSTS lists prevent the browser
>> from ever sending an uncrypted URL.
> Unfortunately, too many web sites do not have HSTS installed in the
> http server.
> I have seen it in many web sites.
I've been using Qualys SSL Check to catch details like this. The word
probably *does* need to be put out better that you have not properly
configured a web site unless you've visited a site like this and
David Benfell <benfell at parts-unknown.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: PGP Digital Signature
More information about the freebsd-questions