Announcement

Collapse
No announcement yet.

Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse

    Phoronix: Following Many Patches, Linux 5.9 Finally Switching To HTTPS Links En Masse

    On the mailing lists and browsing various Git "-next" repositories it's felt like "damn, there are a lot of patches about replacing HTTP links with HTTPS all of a sudden" inside the kernel sources and documentation. Indeed, for Linux 5.9 where applicable HTTP links are being replaced for HTTPS...

    http://www.phoronix.com/scan.php?pag....9-HTTPS-Links

  • #2
    HTTPS feels like a sham... It breaks traditional caching proxy servers like Squid, yet somehow Cloudflare seems to be able to serve cached data for many sites, even using HTTPS... We're all being MITM attacked?

    Comment


    • #3
      Originally posted by ed31337 View Post
      HTTPS feels like a sham... It breaks traditional caching proxy servers like Squid,
      Squid has always supported HTTPS. Yes, you need to configure a proxy in your browser, so it's not transparent anymore but this is easily done in an automated fashion.

      Originally posted by ed31337 View Post
      yet somehow Cloudflare seems to be able to serve cached data for many sites, even using HTTPS... We're all being MITM attacked?
      You're confusing a forward proxy with a reverse proxy. Cloudflare is a reverse proxy so it is the website owner who needs to configure the proxy, not the visitor. If anything, proxying through Cloudflare / Sucuri usually improves the security of a connection.

      Comment


      • #4
        Originally posted by sbivol View Post
        You're confusing a forward proxy with a reverse proxy. Cloudflare is a reverse proxy so it is the website owner who needs to configure the proxy, not the visitor. If anything, proxying through Cloudflare / Sucuri usually improves the security of a connection.
        Yeah, what Cloudflare does is somewhere between proxying and hosting...

        Comment


        • #5
          Wouldn't the HTTP documentation links be redirecting to HTTPS pretty much everywhere now anyway?

          Comment


          • #6
            Looks like Alexander Klimov from Russia
            It is common for Russian ISP to modify traffic and replace or add own ads.
            Currently they usually don't touch https traffic.

            Comment


            • #7
              Originally posted by macemoneta View Post
              Wouldn't the HTTP documentation links be redirecting to HTTPS pretty much everywhere now anyway?
              It does, but the redirect to HTTPS happens after your cookies were sent, which means someone could have sniffed your authentication token and reused it to impersonate you.
              Even without cookies, a man-in-the-middle can alter the redirect itself to make you visit an unexpected website. Like http://example.com redirecting to
              Code:
              https://exemple.com
              which tricks you into logging in.
              Last edited by tildearrow; 07-26-2020, 07:02 PM.

              Comment


              • #8
                Originally posted by sbivol View Post
                It does, but the redirect to HTTPS happens after your cookies were sent, which means someone could have sniffed your authentication token and reused it to impersonate you.
                Even without cookies, a man-in-the-middle can alter the redirect itself to make you visit an unexpected website. Like http://example.com redirecting to
                Code:
                https://exemple.com
                which tricks you into logging in.
                Yep... if you're relying on HTTP to redirect you to HTTPS, you're trusting something that can be trivially MITMed to enable your security. Better than nothing, but not great.

                Comment


                • #9
                  Originally posted by ed31337 View Post
                  HTTPS feels like a sham... It breaks traditional caching proxy servers like Squid, yet somehow Cloudflare seems to be able to serve cached data for many sites, even using HTTPS... We're all being MITM attacked?
                  True, here in India ISPs have started hijacking DNS and doing other shit. I'd rather have HTTPS with known certificates, and use DNSoTLS/DNSoHTTPS with DNSSEC.

                  Comment

                  Working...
                  X