Date: Fri, 03 Apr 2015 18:42:03 -0700 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: jd1008 <jd1008@gmail.com>, freebsd-questions@freebsd.org Subject: Re: Why does FreeBSD insist on https? Message-ID: <551F416B.5010004@bluerosetech.com> In-Reply-To: <551F3EAA.5050406@gmail.com> References: <CAA3ZYrD_2AaDfW3oJ-NFt333DrjOwgBR-8bbqH0eVZGL6Y_5WQ@mail.gmail.com> <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <CALf6cgYFZBwy=SOcaayuP90jjGdvZt2aghYeCX0iTweceXXrEA@mail.gmail.com> <551E4F43.1060109@bluerosetech.com> <551F0BC9.1050405@gmail.com> <20150403182207.Horde.4tWAInV2MEGqMujCj2DYHw8@mail.parts-unknown.org> <551F3EAA.5050406@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2015-04-03 18:30, jd1008 wrote: > > > On 04/03/2015 07:22 PM, David Benfell wrote: >> Quoting jd1008 <jd1008@gmail.com>: >> >>> On 04/03/2015 02:28 AM, Mel Pilgrim wrote: >>>> On 2015-04-03 00:32, Nino J wrote: >>>>> Just bear in mind that the OP mentioned redirect to https. That >>>>> means that >>>>> the initial request to the exact URL (i.e. before being redirected and >>>>> switching to https) is visible. >>>> >>>> Which is why we have HSTS. Packaged HSTS lists prevent the browser >>>> from ever sending an uncrypted URL. >>>> >>>> ________ >>> Unfortunately, too many web sites do not have HSTS installed in the >>> http server. >>> I have seen it in many web sites. >> >> I've been using Qualys SSL Check to catch details like this. The word >> probably *does* need to be put out better that you have not properly >> configured a web site unless you've visited a site like this and checked. > Huh??? > Did you omit some words from your sentence?? :) :) > Honestly, I do not quiet get the gist of your post. He means that testing using a tool like Qualys' SSL Server Check should be a requirement for website configuration.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551F416B.5010004>