http subversion URLs should be discontinued in favor of https URLs

Yuri yuri at rawbw.com
Wed Dec 13 00:13:57 UTC 2017


On 12/12/17 11:56, Eugene Grosbein wrote:
> https://wiki.squid-cache.org/Features/SslPeekAndSplice
>
> You either ignore MITM and proceed with connection anyway or have no connectivity via this channel at all.


When the user sees that SSL/TLS is stripped, this isn't a vulnerability 
of the protocol. User can make a choice to use such connection anyway. 
There are command line options like this for some commands, and the 
choice in the browser.

Compare this with https using compromised by government CA, when the 
user doesn't have any way of knowing about MITM. So https+private CA 
stands secure.


Yuri



More information about the freebsd-security mailing list