Hi gang,
First a small rant: I seriously dislike the zealous way in which HSTS gets implemented in modern browsers today, it's a joke. I can't overrule anything anymore! Even though I KNOW that there is 0 risk *
Anyway: the certificate for forums.freebsd.org expired a few hours ago, sloppy :/ And because the site is masked with HSTS the result is that no one with a modern browser is now allowed access anymore. Something I'm seriously displeased with (note: that's mostly aimed at this POS browser which is treating me like an idiot: Opera, Chrome, FireFox... Dumb consumer products where HTTPS is concerned if you ask me).
Anyway, figured I'd leave a warning here. Please fix :/
In case you're wondering: I originally posted this using www/links from my trusty Zefiris FreeBSD server.
First a small rant: I seriously dislike the zealous way in which HSTS gets implemented in modern browsers today, it's a joke. I can't overrule anything anymore! Even though I KNOW that there is 0 risk *
Anyway: the certificate for forums.freebsd.org expired a few hours ago, sloppy :/ And because the site is masked with HSTS the result is that no one with a modern browser is now allowed access anymore. Something I'm seriously displeased with (note: that's mostly aimed at this POS browser which is treating me like an idiot: Opera, Chrome, FireFox... Dumb consumer products where HTTPS is concerned if you ask me).
Anyway, figured I'd leave a warning here. Please fix :/
In case you're wondering: I originally posted this using www/links from my trusty Zefiris FreeBSD server.
Well, in the mean time I found an undocumented option to do exactly that: to overrule certificate checking by Chrome (Opera is build upon Chromium). I'm still leaving my rant above as-is because I think this "solution" is even more dangerous.
What it is? Start the browser with the -ignore-certificate-errors parameter. See: I'm the geek who just did so on the console (cmd.exe) after finding launcher.exe which launches Opera. How many people would edit the icon / menu entry instead? And maybe forget all about it? See, the risk here is that this setting now overrules every certificate error on every website.
And all because some dumb programmers feel the need to treat their users like idiots, while obviously also relying on the classic security through obscurity (as mentioned: as far as I can tell this parameter is undocumented).
What it is? Start the browser with the -ignore-certificate-errors parameter. See: I'm the geek who just did so on the console (cmd.exe) after finding launcher.exe which launches Opera. How many people would edit the icon / menu entry instead? And maybe forget all about it? See, the risk here is that this setting now overrules every certificate error on every website.
And all because some dumb programmers feel the need to treat their users like idiots, while obviously also relying on the classic security through obscurity (as mentioned: as far as I can tell this parameter is undocumented).