www/175685: HTTPS does not follow visitor among FreeBSD.org sub-domains
John W. O'Brien
john at saltant.com
Tue Jan 29 22:20:01 UTC 2013
>Number: 175685
>Category: www
>Synopsis: HTTPS does not follow visitor among FreeBSD.org sub-domains
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-www
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 29 22:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: John W. O'Brien
>Release: 9.1-STABLE
>Organization:
Saltant Solutions
>Environment:
FreeBSD XXXX.saltant.net 9.1-STABLE FreeBSD 9.1-STABLE #2 r245089: Sat Jan 5 22:27:54 EST 2013 root at XXXX.saltant.net:/usr/obj/usr/src/sys/NIPPL amd64
>Description:
Thanks to the new SSL/TLS certificates for HTTPS on www.FreeBSD.org,
wiki.FreeBSD.org, svnweb.FreeBSD.org, and lists.FreeBSD.org (as noted in https://lists.freebsd.org/pipermail/freebsd-announce/2013-January/001452.html), visitors can enjoy improved security therein. However, links from one sub-domain to another, and in some cases within a given site, revert to unsecured HTTP.
In addition to the "How to repeat..." examples below, some other affected links I know of include: mirror selection, security advisories and errata notices, on the home page; "View or search problem reports" from Bug Reports; "browse" link from the mailing lists page, and then from a listinfo page to the associated archives; embedded man page references from all over (e.g. the Handbook); and submitting this very form.
>How-To-Repeat:
- Browse to https://www.freebsd.org/
- Do one of the following:
-- Use the search tool
-- Navigate using the main menus to Documentation->Manual Pages
-- ... Community->Forums
-- ... Developers->*
-- ... Support->Security Information
-- ... Support->Bug Reports
-- Etc
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-www
mailing list