search

claustromaniac / httpz

Fat-free hardenable opportunistic encryption for Firefox
https://addons.mozilla.org/firefox/addon/httpz/
GNU General Public License v3.0
61 stars 5 forks source link

redirection back to http doesn't work on archives.nypl.org #40

Closed practik closed 4 years ago

practik commented 4 years ago

^ What the title says. ^ Instead of redirecting back to http://archives.nypl.org, you get stuck on https://archives.nypl.org, which shows you this error message:

archives.nypl.org - SSL Connection failed Error code 29 SSL is not supported

claustromaniac commented 4 years ago

HTTPZ does not redirect that one back to HTTP because the server is effectively responding with an encrypted response. If you take a peek at the site's security info, you'll see it is using a certificate issued by USERTrust RSA.

Nevertheless, the server returns a 503 status code (Service Unavailable). The problem is that status code is too generic (not necessarily related to HTTPS in general). If HTTPZ treated those as errors, it would be taking wild guesses, and would sometimes downgrade requests mistakenly.

Bottom line, this is the sort of scenario that users are meant to solve via whitelisting.

Thanks anyway for reporting.

practik commented 4 years ago

this is the sort of scenario that users are meant to solve via whitelisting.

Done, and thanks for the explanation!