Firefox Extension HTTPS Everywhere Does What It Sounds Like

climenole writes "HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

Re:Self-signed certs are vulnerable to MITM

[roman_mir]

It is a configuration choice, not an error, and by the way this directive:

SSLInsecureRenegotiation on

has to be turned on, in case you didn't notice a huge portion of my comment, it already is a problem that can lead to a possible MIM attack but if I don't have it on, then IE does not work and FF 3.5 and probably earlier versions don't work on Linux distros and maybe on Windows (I didn't check.)

It is better to run a https site than http, whether the script is self signed is another matter, but it's not an error, especially given what kinds of clients people still use.