What http response header do I use to say "I support https, redirect to https if you do too" without breaking clients that only do http?
If not, then you have no option but to add new root CAs or manually accept the new certs without the system being able to validate them.
-
"Just fallback [automatically] to http" is in no way a better option, and completely defeats the purpose of having https.
-
No, the fallback must be explicit (edit config file). It just has to work, and will keep working, unlike crypto schemes disappearing from TLS.
-
Certs actually contain a chain to ancient CAs? Or can I configure my server to send back such chains?
-
Assuming one exists for your immediate cert-issuing CA, I'm pretty sure you can configure your server to send the whole chain.
-
That's cool. I should learn more about TLS details like that.