What http response header do I use to say "I support https, redirect to https if you do too" without breaking clients that only do http?
I think you're imagining a threat that doesn't exist, but maybe I'm missing something.
-
Yeah it's largely theoretical. I'm trying to make software that will work decades from now. But also just a few remnant https suspicions.
-
As I switch to https, it becomes up to CAs whether people can connect, and current TLS clients can't connect to TLS servers decades from.
-
I get my https cert for free on my webhost, and I might switch, so a bit afraid to HSTS preload. Maybe they start charging at some point.
-
I look forward to switching to some infrastructure I control a bit more myself. So yeah, maybe there's no problem here.
-
I would just switch to vps + @letsencrypt. It's going to be at most a couple $ more than your current webhost (probably less), & certainly..
-
...you're going to have a lot more control over stuff being done right.
-
Absolutely @letsencrypt seems like the way of the future. I'd love to have a port of it to #sortix and use it with my httpd port.
-
If you have Python building/running there are already a couple good minimal/auditable acme client implementations you can use.
-
I'm not aware of any good reason for server implementations to remove ciphers from the (non-authenticated) client's choice of ciphers.
-
You just need to protect against MITM downgrade attacks.
-
Removing support for old TLS versions and ciphers seems like a good thing to me. But that only happens on the client then?
-
Unless server is using TLS to authenticate the identity of the client (client certs), server has no reason to disallow old versions/ciphers.
-
If you are using TLS to authenticate identity (as a client does of the server), downgrade attacks are a threat to that.