www/175685: HTTPS does not follow visitor among FreeBSD.org sub-domains

John W. O'Brien john at saltant.com
Tue Jan 29 22:20:01 UTC 2013


>Number:         175685
>Category:       www
>Synopsis:       HTTPS does not follow visitor among FreeBSD.org sub-domains
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-www
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 29 22:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     John W. O'Brien
>Release:        9.1-STABLE
>Organization:
Saltant Solutions
>Environment:
FreeBSD XXXX.saltant.net 9.1-STABLE FreeBSD 9.1-STABLE #2 r245089: Sat Jan  5 22:27:54 EST 2013     root at XXXX.saltant.net:/usr/obj/usr/src/sys/NIPPL  amd64
>Description:
Thanks to the new SSL/TLS certificates for HTTPS on www.FreeBSD.org,
wiki.FreeBSD.org, svnweb.FreeBSD.org, and lists.FreeBSD.org (as noted in https://lists.freebsd.org/pipermail/freebsd-announce/2013-January/001452.html), visitors can enjoy improved security therein. However, links from one sub-domain to another, and in some cases within a given site, revert to unsecured HTTP.

In addition to the "How to repeat..." examples below, some other affected links I know of include: mirror selection, security advisories and errata notices, on the home page; "View or search problem reports" from Bug Reports; "browse" link from the mailing lists page, and then from a listinfo page to the associated archives; embedded man page references from all over (e.g. the Handbook); and submitting this very form.

>How-To-Repeat:
- Browse to https://www.freebsd.org/
- Do one of the following:
-- Use the search tool
-- Navigate using the main menus to Documentation->Manual Pages
-- ... Community->Forums
-- ... Developers->*
-- ... Support->Security Information
-- ... Support->Bug Reports
-- Etc
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-www mailing list