by CydeWeys
2334 days ago
There are so few browsers that don't support HTTPS that it's not worth worrying about it. Besides, if the security negotiation is to be done in plaintext, then it's trivial for an attacker to MITM a connection, replace the User-Agent headers, and then trick a server into thinking it should serve content insecurely. This is a huge gaping attack vector. It's better to just always serve securely.