What http response header do I use to say "I support https, redirect to https if you do too" without breaking clients that only do http?
Ideally there's a chain of trust from its ancient CA roots to whatever ones are used decades from now.
-
If not, then you have no option but to add new root CAs or manually accept the new certs without the system being able to validate them.
-
"Just fallback [automatically] to http" is in no way a better option, and completely defeats the purpose of having https.
-
No, the fallback must be explicit (edit config file). It just has to work, and will keep working, unlike crypto schemes disappearing from TLS.
-
Certs actually contain a chain to ancient CAs? Or can I configure my server to send back such chains?
-
Assuming one exists for your immediate cert-issuing CA, I'm pretty sure you can configure your server to send the whole chain.
-
That's cool. I should learn more about TLS details like that.