From nobody Fri Jul 15 03:37:14 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LkcVf3Nj1z4WjNg; Fri, 15 Jul 2022 03:37:14 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LkcVf2q75z46KB; Fri, 15 Jul 2022 03:37:14 +0000 (UTC) (envelope-from danfe@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1657856234; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=w7/dqmzcF0hTfF9CsVWu/JD/MdbhsgEdjhcedbow9Jw=; b=H0dsb8XdO0VDsaYWefuh3CdzuKhxO75nJDInyARlHXGflLgADjcgkDHqCajVlCMFZh/VOf wLz2IFD0SQl5sT8Vlf1V2SQ77X+LnX0wB0VW3kjld3jv5vWTuHNqTwScszv/4NvZri7bwg yhcsgm4UxJLVTUON7C+X0e+bEcwsTSuRsUCFDaBzoo0JxlQ8gdNKfqRmwcBjEXRxXFF2E2 dVEgDF0NXYAK1bZi2bUhxEna01SH2INv8Hr7DlXUgqbtGzIHVcT9xGcXeiSj0FE9cw+PId jX03gusVUP6VUJZIWMbJiEW+z9lfM084rUF/Uvo/YPUxYzj0pABi9IiEwZAP6w== Received: by freefall.freebsd.org (Postfix, from userid 1033) id 4AB3F2943; Fri, 15 Jul 2022 03:37:14 +0000 (UTC) Date: Fri, 15 Jul 2022 03:37:14 +0000 From: Alexey Dokuchaev To: Yuri Victorovich Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: d25b74fd362c - main - cad/sweethome3d: Change WWW to https Message-ID: References: <202207070631.2676VNtj077052@gitrepo.freebsd.org> <2b62ceee-2d06-8047-c1f2-26e01cff8147@tsoft.com> List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2b62ceee-2d06-8047-c1f2-26e01cff8147@tsoft.com> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1657856234; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=w7/dqmzcF0hTfF9CsVWu/JD/MdbhsgEdjhcedbow9Jw=; b=qjlussVSAkSaV+r1k+auaRAjm4k/ER3OvIjK6CrNhVd9gnT+qiJ2c3JPLSPslD+kJd0sLJ jp598dohYY0Rw66nzKRbaVsvmTnX29g6hArhqEJAsYlAzly+vNNY2TX6T1RxiOAHlHOk7M tKII+W103rCo90e8l8ftNWlQiGJKrXFbdOR/iQc8rnRz77NEZEkO+H/6JP10k9KXL9oKCj b6b8g0cT+AZ+i+loC3USEG3PvtSu9rDtxgPu2TExL9D1vJOWehDV7jbtVQYIcw1IvEQ6Kb jnmiGiT/bSsE+meSgZn3nNgo0Ge6GanKyhzgK0N/x24IB2/1JcTSOYJD6IC0zw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1657856234; a=rsa-sha256; cv=none; b=Zy9rRVPRN0yPOLmXRhRfkdSEo1NjLrF86MvEEy5+1tX8VYmrDPt1LaWeZp6ETFtOxuKiNK SjrmuhKOrBP60BV3/v4GQ0YRGXJ1Z5dZu6DTwDcbEyyY98IeyxAssRHj6vnxYQPqXibh/8 6AB5gvV9e4qS4ATWv5U5Z2B9TDF72mryvhTido2NktnX43522HK0E/JcrDoN2oJ21cRD9x S3ee145zZOVQVGXQPfTDE3XNqZpgZnQCE6GwWl/HMk7tHZdT7gbRsQJYKmyfZMsGGvEMHu Yq61fY+/MeLRdFOlacXVrUdak4fdh/e+zI0cDCAati1jVqnmRAe/TVfYfFH0Fw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N On Thu, Jul 07, 2022 at 12:24:18AM -0700, Yuri Victorovich wrote: > On 7/7/22 00:19, Alexey Dokuchaev wrote: > > Why? Aren't we only doing it when there's a redirect? > > https is more secure. There's always a balance to keep. While I want security on a page where I input a password, I'd prefer accessibility when looking at some random web page about Java program. :-) > > Now users with old browsers won't be albe to access the website. :( > > Could you please provide an example of browser name/version that doesn't > understand https? There are plenty. And the problem is not they don't understand HTTPS, they do. For example, Firefox 20.0 on my old Ubuntu Lucid knows how to talk HTTPS, but trying to visit https://www.sweethome3d.com/ it gives me: Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) Or with curl -I https://www.sweethome3d.com/ curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version With HTTP, both work just fine. I can even browse the page via "telnet 80" as I still do sometimes, very convenient. ./danfe