HTTPS Everywhere
Last edited by SomeGuy; 02.08.10 at 14:19.
I use it.
It don't work on most sites.
Looks like it only works on sites with HTTPS support like SBI.
You can't force SSL on a site that doesn't support it :)
"I just remembered something that happened a long time ago."
This can just make things more complicated. It's good without that addon.
There is link in shoulder's signature that starts with https
I always get a untrusted security warning when i click on it in firefox
This Connection is Untrusted
You have asked Firefox to connect
securely to SB-Innovation - Leecher Mod Source Nr. 1 - Home, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
Technical Details
SB-Innovation - Leecher Mod Source Nr. 1 - Home uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for confixx
The certificate expired on 14/01/10 2:22 AM.
(Error code: sec_error_expired_issuer_certificate)
I Understand the Risks
Must be related...
Our certificate is self-signed because we don't use it to prove our identity, but to encrypt traffic between you and the server. Firefox gives you a warning because many scam sites use self-signed certs, also. Add an exception for us and it's all good!
"I just remembered something that happened a long time ago."
it works on "EFF predefinite" sites, such as google, wikipedia, etc. EFF explain how to add more sites, but the added sites have obviously to support SSL.Originally Posted by Grambo
It seems Noscript has similar feature (options->advanced->https). You can try ForceTLS, too.
With httpsEverywhere, a problem happens when I type google.com: I no more have access to the cool features of Google Pirate V2. The problem could be solved in using some offshore google address, such as google.ag (for wich https feature is not yet implemented).
An other potential problem relies on the way the translation http -> https is done by the extensions. In case some MIM attack might occur, the extention SSLGuard may prevent some kind of them.
As anon said, it's related to certificate self-signature. One way to sometimes solve this kind of problem is to use the extension Perspectives, wich uses "notaries", run by academic researchers, asking servers for their public key. With Perspectives, when yopur browser has to authenticate a key, it ask the notaries.
Perspectives prevent in some way MIM attack too, and it's not entirely clear for me if Perpectives and SSLguard are redundant or complementary (or if there is some kind of incompatibility ?)
Last edited by Renk; 20.08.10 at 22:35.
small question :) what is https all about ?
HTTP Secure - Wikipedia, the free encyclopedia
Your account has been disabled.
Reply With Quote
Bookmarks