What the hell ever happened to being allowed to ignore my computer's advice?
What if I trust the website, and I know the cert has expired, or TLS is just being an ass? What if I want to use a "weak" or no password? Etc.
It's my computer, and I have my reasons.
@OpenComputeDesign @firefox still lets you past TLS warnings. Essential for things like ILO and routers. Don't know why Chrome et al don't let you.
@falken @OpenComputeDesign @firefox Because Chrome is an Embrace-Extend-Extinguish attack on computing as a whole that pretends to be a browser.
@AMS @falken @OpenComputeDesign @firefox last I tested Chrome and Edge (what I use mostly) still do. I bypassed a certificate warning yesterday for an internal site. AFAIK it’s only when the site owner sets up HSTS and says “if your device/browser doesn’t trust my certificate, I refuse to show you content for fear of being AITM’d”
@OpenComputeDesign @ajn142 @AMS @firefox HSTS is a requirement for most security audits these days. And it's right and correct to error if TLS on public internet has broken that policy. Not sure why vendors feel that kit in my house needs to use same domain as that would apply too
@OpenComputeDesign @falken @ajn142 @firefox Nuking the hsts cache for the site works, and I have a button for it, but putting it in the UI is easier.
@falken @ajn142 @AMS @firefox I get throwing up errors and warnings, but my computer preventing me from using my computer is against my core beliefs