Skip to content
Snippets Groups Projects
Closed (moved) Self-signed, expired, invalid and mixed-content SSL certificates at middle security
  • View options

    • Self-signed, expired, invalid and mixed-content SSL certificates at middle security

  • View options
    • Closed (moved) Issue created by Trac

    when I access a site, with a self-signed, expired and invalid, I can add it to exceptions, (or not; go back) when I add, this potentially harmful domain can use JavaScript (because its use HTTPS; assuming we are using middle slider).

    should have a mechanism to forbidden those exceptions and mixed-content to use JavaScript, because they can be harmful for user, especially assuming the users don't make any know about the risks.

    the options (in my view):

    1. force HTTPS untrusted to use HTTP by default.

    2. add a script or whatever, to disarm JavaScript on those sites (when using mid security).

    3. a very informative and scarry warning on it.

    Trac:
    Username: i139

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading