HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)
HTTPS-only mode (is briefly mentioned and I recommend to LWN readers)
Posted Jun 13, 2024 22:41 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)In reply to: HTTPS-only mode (is briefly mentioned and I recommend to LWN readers) by intgr
Parent article: Firefox 127.0 released
I've seen X509 implementations that ignore critical extensions (or even things like SANs).
Proper modern implementation of restrictions would need to include something that poisons certificate validation for incorrect implementations.