Difference between revisions of "Talk:2634: Red Line Through HTTPS"
Jespertheend (talk | contribs) |
|||
| Line 8: | Line 8: | ||
:2015 is when the first Let's Encrypt certs were issued, and 2016 is when LE became generally available to the public and thus when free SSL/TLS became very very easy for just about anyone setting up a web server, hence the comic citing 2015. However even with a valid cert you might have a number of issues, like [https://www.mixedcontentexamples.com/ mixed content]. At least in Firefox, an expired cert gives a big warning screen that gives you an option to add a security exception; I don't care enough to install Chrom{e,ium} to test its UI. [[Special:Contributions/172.69.69.250|172.69.69.250]] 08:30, 18 June 2022 (UTC) | :2015 is when the first Let's Encrypt certs were issued, and 2016 is when LE became generally available to the public and thus when free SSL/TLS became very very easy for just about anyone setting up a web server, hence the comic citing 2015. However even with a valid cert you might have a number of issues, like [https://www.mixedcontentexamples.com/ mixed content]. At least in Firefox, an expired cert gives a big warning screen that gives you an option to add a security exception; I don't care enough to install Chrom{e,ium} to test its UI. [[Special:Contributions/172.69.69.250|172.69.69.250]] 08:30, 18 June 2022 (UTC) | ||
| + | |||
| + | ::Chrome has this warning screen including an option to bypass the warning as well. I believe all browsers do. I think the only exception to this is when a site has strict transport security enabled. [[User:Jespertheend|Jespertheend]] ([[User talk:Jespertheend|talk]]) 10:49, 18 June 2022 (UTC) | ||
Not sure it's true that if there is a problem with HTTPS like an expired cert that the connection is made with HTTP instead. [[Special:Contributions/172.69.79.201|172.69.79.201]] 10:11, 18 June 2022 (UTC) | Not sure it's true that if there is a problem with HTTPS like an expired cert that the connection is made with HTTP instead. [[Special:Contributions/172.69.79.201|172.69.79.201]] 10:11, 18 June 2022 (UTC) | ||
| + | |||
| + | :It's not, it still uses the https connection. It only indicates that the connection might not be secure anymore and anyone could be listening in at that point. [[User:Jespertheend|Jespertheend]] ([[User talk:Jespertheend|talk]]) 10:49, 18 June 2022 (UTC) | ||
Revision as of 10:49, 18 June 2022
HTTPS was standardized in 2000 or so, so 2015 is quite a stretch for a site to not use it because the site was last updated before HTTPS was widely available.
With pretty much any browser now, a red line through HTTPS means that the site _is using HTTPS_, but it is _not trusted by the browser_ (due to e.g. the certificate being self-signed or expired).
Darrylnoakes (talk) 04:28, 18 June 2022 (UTC)
- I think the intended joke is that the site's certificate expired in 2015, instead of the site is not using HTTPS. 108.162.221.101 06:29, 18 June 2022 (UTC)
- 2015 is when the first Let's Encrypt certs were issued, and 2016 is when LE became generally available to the public and thus when free SSL/TLS became very very easy for just about anyone setting up a web server, hence the comic citing 2015. However even with a valid cert you might have a number of issues, like mixed content. At least in Firefox, an expired cert gives a big warning screen that gives you an option to add a security exception; I don't care enough to install Chrom{e,ium} to test its UI. 172.69.69.250 08:30, 18 June 2022 (UTC)
- Chrome has this warning screen including an option to bypass the warning as well. I believe all browsers do. I think the only exception to this is when a site has strict transport security enabled. Jespertheend (talk) 10:49, 18 June 2022 (UTC)
Not sure it's true that if there is a problem with HTTPS like an expired cert that the connection is made with HTTP instead. 172.69.79.201 10:11, 18 June 2022 (UTC)
- It's not, it still uses the https connection. It only indicates that the connection might not be secure anymore and anyone could be listening in at that point. Jespertheend (talk) 10:49, 18 June 2022 (UTC)
