by c7DJTLrn 1000 days ago
>if I hadn’t seen repeated direct evidence that even most technical users will blithely click through HTTPS errors’ “accept the risk” bypass

As far as I recall this is not possible on Chrome if you are MITM'd. If the cert presented doesn't match the cert in the HSTS cache, there is no option to bypass. If the server's cert is expired, then you do indeed see the option, but an expired certificate doesn't necessarily mean danger.

1 comment

It is possible to bypass. Just more difficult.