|
|
|
|
|
|
by acdha
4015 days ago
|
|
|
> Since it doesn't use the normal ways to download extension, I would assume it does not use TLS connection If this was some random enterprise Java app, yes, that would be a reasonable assumption but you're talking about one of the most heavily audited codebases in existence, which has one of the best security teams in the world working on making TLS stronger and aggressively pinning certificates. Their track record would merit actually looking at the source rather than simply speculating. |
|
|