An alleged SSL/TLS protocol vulnerability
Posted Sep 21, 2011 0:43 UTC (Wed) by JoeBuck
In reply to: An alleged SSL/TLS protocol vulnerability
Parent article: An alleged SSL/TLS protocol vulnerability
"You know that 'This page contains both secure and nonsecure items' warning you keep ignoring? Stop doing that."
And if the site issues unencrypted ads when the user asks for https (as LWN itself did for quite a while), then what? The only options are either to stop using the site or to assume that everything is insecure.
We've done a very good job of training users to ignore warnings related to https, because those warnings appear so often during normal operation (because misconfigurations that generate the messages occur so often).
to post comments)