• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

https everywhere?

R

rob^_^

Flightless Bird
doh!

Press F1 in IE and search for https.

"In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message
news:ePbGGelELHA.4316@TK2MSFTNGP06.phx.gbl...
> https://www.eff.org/https-everywhere has a Firefox extension that forces
> the browser to use https whenever available from the server. Is there
> somthing like that for IE8?
>
> Thanks in advance.
>
 
I

In-Betweener

Flightless Bird
"rob^_^" wrote:

> doh!
>
> Press F1 in IE and search for https.

Forgive me, but it is not a "doh!" question. Maybe I can be clearer: eff
https-everywhere changes automatically Firefox http requests into https
requests, even if the link/address don't refer to https protocol, even if the
site default is to provide http intead of https. Only if none of those works,
http is used.

The idea is to use https *always* (unless it is *impossible*), in order to
improve privacy (e.g., in wireless network).

So I'd like to know whether there is some setting, or a plug-in, like that
for IE8.

Thanks again. Any help will be appreciated.

>
> "In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message
> news:ePbGGelELHA.4316@TK2MSFTNGP06.phx.gbl...
> > https://www.eff.org/https-everywhere has a Firefox extension that forces
> > the browser to use https whenever available from the server. Is there
> > somthing like that for IE8?
> >
> > Thanks in advance.
> >
> .
>
 
D

Dan

Flightless Bird
"In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message
news:ePbGGelELHA.4316@TK2MSFTNGP06.phx.gbl...
> https://www.eff.org/https-everywhere has a Firefox extension that forces
> the browser to use https whenever available from the server. Is there
> somthing like that for IE8?
>
> Thanks in advance.

Have you actually read how it works? Outside of the small number of sites
pre-configured you have to manually add sites to it's configuration, so it's
not particularly useful without the user knowing how to do this.

I haven't seen anything like this for IE, although if someone does write
something similar I hope they stick with making it configurable and not try
to automate it on every site - otherwise not only would it cause unnecessary
overhead (having to make secure requests in the background and then switch
the user to the secure version if it works), it'll also make browsing a
whole lot slower and risk redirecting to the wrong sites; eg I have a set of
sites that share a single IP and each runs a secure site on a different
port - due to lack of browser support for host header extensions to TLS
handshaking - and so if a user went to site A and an add-on blindly
connected to port 443 to see if a secure page was available it would show
site B on this particular server - which makes it next to useless.

--
Dan
 
I

In-Betweener

Flightless Bird
"Dan" <news@worldofspack.com> escreveu na mensagem news:uSteQfuELHA.2276@TK2MSFTNGP06.phx.gbl...
>
> "In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message news:ePbGGelELHA.4316@TK2MSFTNGP06.phx.gbl...
>> https://www.eff.org/https-everywhere has a Firefox extension that forces the browser to use https whenever available from the
>> server. Is there somthing like that for IE8?
>>
>> Thanks in advance.
>
> Have you actually read how it works? Outside of the small number of sites pre-configured you have to manually add sites to it's
> configuration, so it's not particularly useful without the user knowing how to do this.

First of all, thanks for the respectful reply.

No I hadn't read the details. Thanks to you, I had a look at https://www.eff.org/https-everywhere/rulesets. Indeed does not seem as
automatic as I thought it was. Nor that useful. Unless I'm still overlooking something.

Thank you very much for the help.


>
> I haven't seen anything like this for IE, although if someone does write something similar I hope they stick with making it
> configurable and not try to automate it on every site - otherwise not only would it cause unnecessary overhead (having to make
> secure requests in the background and then switch the user to the secure version if it works), it'll also make browsing a whole
> lot slower and risk redirecting to the wrong sites; eg I have a set of sites that share a single IP and each runs a secure site on
> a different port - due to lack of browser support for host header extensions to TLS handshaking - and so if a user went to site A
> and an add-on blindly connected to port 443 to see if a secure page was available it would show site B on this particular server -
> which makes it next to useless.
>
> --
> Dan
 
D

Dan

Flightless Bird
"In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message
news:uIveWizELHA.5736@TK2MSFTNGP02.phx.gbl...
> "Dan" <news@worldofspack.com> escreveu na mensagem
> news:uSteQfuELHA.2276@TK2MSFTNGP06.phx.gbl...
>>
>> "In-Betweener" <In-Betweener@chaos.order.mrvl> wrote in message
>> news:ePbGGelELHA.4316@TK2MSFTNGP06.phx.gbl...
>>> https://www.eff.org/https-everywhere has a Firefox extension that forces
>>> the browser to use https whenever available from the server. Is there
>>> somthing like that for IE8?
>>>
>>> Thanks in advance.
>>
>> Have you actually read how it works? Outside of the small number of sites
>> pre-configured you have to manually add sites to it's configuration, so
>> it's not particularly useful without the user knowing how to do this.
>
> First of all, thanks for the respectful reply.
>
> No I hadn't read the details. Thanks to you, I had a look at
> https://www.eff.org/https-everywhere/rulesets. Indeed does not seem as
> automatic as I thought it was. Nor that useful. Unless I'm still
> overlooking something.
>
> Thank you very much for the help.

You're not overlooking anything - outside of the pre-configured sites you
have to add any others yourself. There is something about STS possibly being
supported, but this requires the web server to support STS and as far as I
know that is a beta module for Apache2 for this, but other than no web
server supports STS.

--
Dan
 
You must log in or register to reply here.
Top