Originally posted by Pyth0n
Code:
curl https://www.slackware.com -v
* Trying 2a02:26f0:3500:1b::1724:a390:443...
* Connected to www.slackware.com (2a02:26f0:3500:1b::1724:a390) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: none
* CApath: /etc/ssl/certs/
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=slackware.com
* start date: Dec 30 08:45:26 2021 GMT
* expire date: Mar 30 08:45:25 2022 GMT
* subjectAltName: host "www.slackware.com" matched cert's "www.slackware.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x22a6980)
> GET / HTTP/2
> Host: www.slackware.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 301
< server: AkamaiGHost
< content-length: 0
< location: http://www.slackware.com/
< date: Fri, 04 Feb 2022 20:51:13 GMT
<
* Connection #0 to host www.slackware.com left intact
So there is https, it just redirects to plain http ... if there is no secure info there, no shop, let http work for plain text and cache layers. No need to blindly use https when it is not really needed (hey, remember all those SSL/TLS-related security bugs!!)