Jeremy McAnally
Jeremy Ross
@jm Chrome won’t even save this setting. Go back to settings and it’s not checked.
PROTIP: Given Heartbleed, be sure that your Chrome is set to check for SSL cert revocations. It's not by default. http://i.imgur.com/DsB8Oz0.png
-
-
-
@jeremyross lolwut? That’s just dumb. Why even put it in there?
-
-
-
@jm@googlechrome@ChromiumDev why is SSL revocation check not enabled by default? -
@langemeijer@jm@googlechrome in this case, it isn't an effective solution:https://twitter.com/agl__/status/453602748601495553 … -
@ChromiumDev@jm@googlechrome I've renewed my potentially compromised keys & certs. Old certs should be revoked. How is this not effective?
-
-
@jm Ultimately, that checkbox is not an effective defense here. You can still be MITM'd regardless. More here: https://news.ycombinator.com/item?id=7557149 -
-
- View other replies
-
@bdrileysaustin Hearbleed isn’t an issue with your browser, but with servers. So we have to wait for sites to patch SSL. -
@BaldMan thanks much. More research confirms the obvious. Several sites now report clear, but certificate safety still an issue.
-
-
RT
@jm: PROTIP: Given Heartbleed, be sure that Chrome is set to check for SSL cert revocations. It’s not by default. http://i.imgur.com/DsB8Oz0.png -
-
-
-
@rightfuture@jm settings > advanced > click the box. Also this extn checks if a site you're on is affected http://argh.zomb.ee/Q2lZoW -
-
Jason Kim
Casper Langemeijer
Chrome Developers
Adam Langley
Josh Myer
BD Riley's Irish Pub
Alex Jones ✯
Andrew von Nagy
William
Marcus Barber
Richard L. Taylor
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.