Date: Fri, 03 Apr 2015 19:30:18 -0600 From: jd1008 <jd1008@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Why does FreeBSD insist on https? Message-ID: <551F3EAA.5050406@gmail.com> In-Reply-To: <20150403182207.Horde.4tWAInV2MEGqMujCj2DYHw8@mail.parts-unknown.org> References: <CAA3ZYrD_2AaDfW3oJ-NFt333DrjOwgBR-8bbqH0eVZGL6Y_5WQ@mail.gmail.com> <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <CALf6cgYFZBwy=SOcaayuP90jjGdvZt2aghYeCX0iTweceXXrEA@mail.gmail.com> <551E4F43.1060109@bluerosetech.com> <551F0BC9.1050405@gmail.com> <20150403182207.Horde.4tWAInV2MEGqMujCj2DYHw8@mail.parts-unknown.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/03/2015 07:22 PM, David Benfell wrote: > Quoting jd1008 <jd1008@gmail.com>: > >> On 04/03/2015 02:28 AM, Mel Pilgrim wrote: >>> On 2015-04-03 00:32, Nino J wrote: >>>> Just bear in mind that the OP mentioned redirect to https. That >>>> means that >>>> the initial request to the exact URL (i.e. before being redirected and >>>> switching to https) is visible. >>> >>> Which is why we have HSTS. Packaged HSTS lists prevent the browser >>> from ever sending an uncrypted URL. >>> >>> ________ >> Unfortunately, too many web sites do not have HSTS installed in the >> http server. >> I have seen it in many web sites. > > I've been using Qualys SSL Check to catch details like this. The word > probably *does* need to be put out better that you have not properly > configured a web site unless you've visited a site like this and checked. Huh??? Did you omit some words from your sentence?? :) :) Honestly, I do not quiet get the gist of your post.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551F3EAA.5050406>