From owner-freebsd-questions@FreeBSD.ORG Sat Apr 4 01:42:16 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A0307A10 for ; Sat, 4 Apr 2015 01:42:16 +0000 (UTC) Received: from luigi.brtsvcs.net (luigi.brtsvcs.net [IPv6:2607:fc50:1000:1f00::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 76E88F27 for ; Sat, 4 Apr 2015 01:42:16 +0000 (UTC) Received: from chombo.houseloki.net (unknown [IPv6:2601:7:2580:181:21c:c0ff:fe7f:96ee]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by luigi.brtsvcs.net (Postfix) with ESMTPSA id E09FE2D4F8D; Sat, 4 Apr 2015 01:42:14 +0000 (UTC) Received: from [IPv6:2601:7:2580:181:baca:3aff:fe83:bd29] (unknown [IPv6:2601:7:2580:181:baca:3aff:fe83:bd29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by chombo.houseloki.net (Postfix) with ESMTPSA id 111506D2; Fri, 3 Apr 2015 18:42:13 -0700 (PDT) Message-ID: <551F416B.5010004@bluerosetech.com> Date: Fri, 03 Apr 2015 18:42:03 -0700 From: Mel Pilgrim Reply-To: freebsd-questions@freebsd.org User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: jd1008 , freebsd-questions@freebsd.org Subject: Re: Why does FreeBSD insist on https? References: <551DA84D.8030205@gmail.com> <20150402222539.37e330f8@gumby.homeunix.com> <551DC4F7.5090005@gmail.com> <551E4F43.1060109@bluerosetech.com> <551F0BC9.1050405@gmail.com> <20150403182207.Horde.4tWAInV2MEGqMujCj2DYHw8@mail.parts-unknown.org> <551F3EAA.5050406@gmail.com> In-Reply-To: <551F3EAA.5050406@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2015 01:42:16 -0000 On 2015-04-03 18:30, jd1008 wrote: > > > On 04/03/2015 07:22 PM, David Benfell wrote: >> Quoting jd1008 : >> >>> On 04/03/2015 02:28 AM, Mel Pilgrim wrote: >>>> On 2015-04-03 00:32, Nino J wrote: >>>>> Just bear in mind that the OP mentioned redirect to https. That >>>>> means that >>>>> the initial request to the exact URL (i.e. before being redirected and >>>>> switching to https) is visible. >>>> >>>> Which is why we have HSTS. Packaged HSTS lists prevent the browser >>>> from ever sending an uncrypted URL. >>>> >>>> ________ >>> Unfortunately, too many web sites do not have HSTS installed in the >>> http server. >>> I have seen it in many web sites. >> >> I've been using Qualys SSL Check to catch details like this. The word >> probably *does* need to be put out better that you have not properly >> configured a web site unless you've visited a site like this and checked. > Huh??? > Did you omit some words from your sentence?? :) :) > Honestly, I do not quiet get the gist of your post. He means that testing using a tool like Qualys' SSL Server Check should be a requirement for website configuration.