7 May
2020
7 May
'20
1:14 p.m.
On 5/7/20 12:16 PM, Niels Bakker wrote:
It looks like you shouldn't attempt to access that site over HTTPS, just via plain HTTP. Do you have any official bit of documentation that links to the HTTPS version?
Given the prevalence of opportunistic upgrades to TLS these days, I'd argue that having a misbehaving server listing on 443 (and accepting SNI for a name that works on plain HTTP, if applicable) at the same domain as a well-known, public HTTP server, especially from a "security" company, is a poor idea. -- Brandon Martin