Opened 5 years ago

Closed 2 years ago

#15575 closed enhancement (wontfix)

Add test for HTTP Opportunistic Encryption

Reported by: reezer Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Normal Keywords: archived-closed-2018-07-04
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


With Firefox and Chrome now supporting Opportunistic Encryption of HTTP in order to avoid a passive attacker stripping or modifying that header may be a worthwhile attack. It should probably be explicitly checked for, as modifying this particular header has a great chance for being an actual attack on a website supporting it.

Blog Articles on the Header:

RFC explaining the Header:

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:2 Changed 2 years ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: newclosed

Close all tickets in archived components

Note: See TracTickets for help on using tickets.