The only way I know is recognizing a finite present-day set of crappy http-only User-Agents, forcing https redirect for everything else.
Replying to @RichFelker @sortiecat
If anyone is making *new* client software that's http-only, it's their fault when it breaks.
Replying to @RichFelker
I'm worried about certs breaking, I got the https support. I want redirect to https in supported clients, and fallback if needed. See thread
Replying to @sortiecat
I don't understand what you mean by "certs breaking".
Replying to @RichFelker
Right, I think what I'm actually worried about is how an old system deals with the certificate authorities of two decades from now.
Replying to @sortiecat
Ideally there's a chain of trust from its ancient CA roots to whatever ones are used decades from now.
Replying to @RichFelker @sortiecat
If not, then you have no option but to add new root CAs or manually accept the new certs without the system being able to validate them.
Replying to @RichFelker @sortiecat
"Just fallback [automatically] to http" is in no way a better option, and completely defeats the purpose of having https.
Replying to @RichFelker
No, the fallback must be explicit (edit config file). It just has to work, and will keep working, unlike crypto schemes disappearing from TLS.
Replying to @sortiecat @RichFelker
Certs actually contain a chain to ancient CAs? Or can I configure my server to send back such chains?
Assuming one exists for your immediate cert-issuing CA, I'm pretty sure you can configure your server to send the whole chain.
Replying to @RichFelker
That's cool. I should learn more about TLS details like that.