On Thu, 15 Apr 2021 11:16:59 +0100 piorunz <pior...@gmx.com> wrote: > On 15/04/2021 03:15, Celejar wrote: > > >> It certainly works fine for me. I use https only mode for many months > >> now. Can you bring an example of a page which returns good page on http, > >> but 404 error on https? > > > > http://www.daat.ac.il/ > > https://www.daat.ac.il/ > > > > Celejar > > Their webserver is misconfigured. AFAIR, if they don't support https, > their server should redirect to http page. Instead, they throw 404 error.
Do you have a reference for this as required by the standards? > Your web browser behaviour is as intended, everything is fine. > If webadmins of that page don't know their sh*t, are you sure you want > to use that website? Who knows what else they forgot to implement. No, everything is not fine. The website in question is a very valuable one - it contains a wealth of important academic articles that are valuable to my work. The techie attitude that the value of a resource is somehow correlated to the technical competence of its implementation is unfortunate and misguided. I might indeed be reluctant to trust such a site with sensitive personal information, but to suggest that we should shun websites just because their administrators should be doing a better job is illogical. > Disclaimer: I never worked in IT, all self taught, but I have webpage > which I put up myself on Debian computer, with https cert (it's free), > TLS 2.0/3.0 only, PFS, HSTS preload with long duration, OCSP stapling, > top spec security. These guys? They can't even redirect to their http page. Celejar