Slashdot Mirror


Firefox Extension HTTPS Everywhere Does What It Sounds Like

climenole writes "HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

2 of 272 comments (clear)

  1. Re:Self-signed certs are vulnerable to MITM by roman_mir · · Score: 0, Redundant

    It is a configuration choice, not an error, and by the way this directive:

    SSLInsecureRenegotiation on

    has to be turned on, in case you didn't notice a huge portion of my comment, it already is a problem that can lead to a possible MIM attack but if I don't have it on, then IE does not work and FF 3.5 and probably earlier versions don't work on Linux distros and maybe on Windows (I didn't check.)

    It is better to run a https site than http, whether the script is self signed is another matter, but it's not an error, especially given what kinds of clients people still use.

  2. Re:firefox doesn't really make it easy for the use by roman_mir · · Score: -1, Redundant

    It is in the name: ERROR.

    Show a WARNING - Self Signed Certificate.

    The language is important if you want any kind of security adoption for many sites.

    You better tell me what can really be done about this:

    SSLInsecureRenegotiation on

    which presents a MITM possible attack with any type of certificate, self signed or not.