What http response header do I use to say "I support https, redirect to https if you do too" without breaking clients that only do http?
If anyone is making *new* client software that's http-only, it's their fault when it breaks.
-
I'm worried about certs breaking, I got the https support. I want redirect to https in supported clients, and fallback if needed. See thread
-
I don't understand what you mean by "certs breaking".
-
Right, I think what I'm actually worried about is how an old system deals with the certificate authorities of two decades from now.
-
Ideally there's a chain of trust from its ancient CA roots to whatever ones are used decades from now.
-
If not, then you have no option but to add new root CAs or manually accept the new certs without the system being able to validate them.
-
"Just fallback [automatically] to http" is in no way a better option, and completely defeats the purpose of having https.
-
No, the fallback must be explicit (edit config file). It just has to work, and will keep working, unlike crypto schemes disappearing from TLS.
-
Certs actually contain a chain to ancient CAs? Or can I configure my server to send back such chains?