|
|
|
|
|
|
by mehrdadn
2136 days ago
|
|
|
Thanks, but then what do I do about HTTP-only sites? Why can't it default to HTTPS and then auto-fallback to HTTP when HTTPS connections fail for sites that aren't in the known-HTTPS list? It seems like a logical thing to do instead of just going straight to HTTP. |
|
|
An active adversary will just cheerfully block that HTTPS connection because you'll fall back to insecure silently.