On 08/13/16 08:47 PM, Reginald Beardsley via oi-dev wrote: > Could you describe the actual problem? Are there browsers that can't use > https and are actually useable? > > I tried http://www.opendindiana.org and it seamlessly switched over to https. > So what is broken?
You described it. In practice maybe someone would like to still have an option opening http site and not be forced into https. http also uses less CPU power to manage requests then https, etc. Even if redirection works. I generally never got that 'all https' thing, even forcing https can help getting site contents as it is, without possibility of interfering on delivery. I got used to see https as optional and on login,edit pages etc, but it may be that differences between http and https in CPU use are small enough, even some major pages with large visit numbers continue to use http (like Ebay) possibly for exactly less CPU/server use and also legacy clients (set top boxes , older phones with older cyphers/certificates etc.) Also, someone opening site without 'www' would maybe like opening it instead being transferred to www site where is it now. Actually openindiana.org used to work since recently, without being redirected to www.openindiana.org, that also changed. It's worth mentioning, those are noticeable changes. Anyway with 'all https', at least login and edit pages are encrypted. Noticable, dlc.openindiana.org does not work with https, even optionally. Actually don't think it's a problem, but only if Hash (.sha256sum) files or hash numbers are available from https location/site, so one can safely get sha256sum and check with sha256sum -c *.sha256sum after download, or have .sha256sum files signed with GPG/PGP key. _______________________________________________ oi-dev mailing list oi-dev@openindiana.org https://openindiana.org/mailman/listinfo/oi-dev