Page MenuHomePhabricator

Disable https on
Closed, DeclinedPublic


It's not sending a valid SSL cert for that but I know it may be not easy to configure so. I propose to point them to another IP, then disable https on that IP.

Version: unspecified
Severity: minor



Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 12:56 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz43265.
bzimport added a subscriber: Unknown Object (MLST).

Disabling HTTPS is worse than simply giving an invalid certificate (Which is really perfectly secure, but untrusted because it's for the wrong domain), so I propose WONTFIXing this.

This is an ops decision, but I would also recommend a WONTFIX for this. If we point to another IP, where https is disabled, then they would get an error saying the server isn't available. The cost of issuing www. certificates for every language is also prohibitively high.

Either adding www, as alternative name (but we have www.*!), or wontfixing.

I guess wont fix too. People should really use the entry :-]