by notpiika 2136 days ago
IIRC, you have to enable the "strict" mode, or something along those lines, in the settings before it rejects HTTP connections from being made. I had the same issue.

Thanks, but then what do I do about HTTP-only sites? Why can't it default to HTTPS and then auto-fallback to HTTP when HTTPS connections fail for sites that aren't in the known-HTTPS list? It seems like a logical thing to do instead of just going straight to HTTP.

This only helps you at all against passive adversaries.

An active adversary will just cheerfully block that HTTPS connection because you'll fall back to insecure silently.

I fully understand that and that's clearly still better than going straight to HTTP, which it's already doing.