Closed ChristophGr closed 12 years ago
When turning off convergence and connecting to that site I get redirected to http. Maybe the wrong-cert is related to the SNI issue (#28)?
IMHO ignoring security exceptions is a feature of convergence. There shouldn't be any reason for adding security exceptions when people are using SSL as intended. At the moment it's needed because of all the self-signed or CACert issues. With convergence those issues should be gone in the future.
On the given site, HTTPS is used only for the login. Clicking the "sign in" link always redirects to https://www.wowace.com/home/login/?next=http%3A%2F%2Fwww.wowace.com%2F
However I have no way of logging in on the site while convergence is active.
IMHO ignoring security exceptions is a feature of convergence. There shouldn't be any reason for adding security exceptions when people are using SSL as intended. At the moment it's needed because of all the self-signed or CACert issues. With convergence those issues should be gone in the future.
I think that's not the only thing ppl are doing "wrong" when using SSL. There are also expired certificates or certificates not covering all subdomains. Some server administrators either don't care or are just plain incompetent.
Nevertheless I might be required to use their service (school, university, partner company, ...) So security exception should still be possible, but maybe maintained in a separate whitelist.
It's SNI, I'm closing this as a duplicate of #28.
I connected to the following site:
https://www.wowace.com
It gives a security exception because convergence for some reason receives the certificate from another site https://www.curseforge.com (same company).
However, when I add a security exception, I still cannot connect to that site. The only way I can is to turn off convergence :(
I looked in the preferences and there is a security exception for https://www.wowace.com:443 The Certificate Name however is *.curseforge.com