http subversion URLs should be discontinued in favor of https URLs
Yuri
yuri at rawbw.com
Wed Dec 13 00:13:57 UTC 2017
On 12/12/17 11:56, Eugene Grosbein wrote:
> https://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> You either ignore MITM and proceed with connection anyway or have no connectivity via this channel at all.
When the user sees that SSL/TLS is stripped, this isn't a vulnerability
of the protocol. User can make a choice to use such connection anyway.
There are command line options like this for some commands, and the
choice in the browser.
Compare this with https using compromised by government CA, when the
user doesn't have any way of knowing about MITM. So https+private CA
stands secure.
Yuri
More information about the freebsd-security
mailing list