Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 12 Feb 2016 09:58:47 -0500
From: David Leo <>
Subject: Re: HTTPS Only (Open Source, Python)

Yes, Mozilla said, "Gradually phasing out access to browser features
for non-secure websites", in April 2015. After more than six months,
they have done nothing useful.

The Chrome team wanted the same stuff:
Again, nothing significant has been achieved yet.

And there is HTTPS Everywhere, with SO MANY rules:
It's still able to access HTTP by default, but there is "Block all
HTTP requests". The problem: nothing happens when browser tries HTTP -
there should be warning(it's incorrect behavior) and options(try
HTTPS, Google Cache, etc). People complained, months ago:

So I made this project, because I have lost patience a long time ago.

Best Wishes,

On Thu, Feb 11, 2016 at 11:56 AM, P J P <> wrote:
> +-- On Thu, 11 Feb 2016, David Leo wrote --+
> | If browser tries to access HTTP address,
> | you will have three options:
> | try HTTPS,
> | Google Cache,
> | or copy-and-paste the address.
> |
> | There is no option to "temporarily bypass HTTPS Only".
> | You can always do that in another browser.
> |
> | Project Home Page:
> |
> Browsers too are moving there:
>   ->
> (just to note)
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ