On 3/11/17, Desiree <melel...@medscape.com> wrote: > On 3/9/2017 2:44 AM, Simon Charles wrote: >> Hi >> >> I would love to try SeaMonkey, but I can't download it! >> >> I am a long-term Mozilla user trying to download it from >> http://www.seamonkey-project.org/releases - using Firefox on Windows 7. >> Frustratingly, I just get the following 'insecure connection' warning >> (with no obvious option for circumventing it): >> >> ----------------------------------- >> Your connection is not secure >> The owner of download.cdn.mozilla.net has configured their website >> improperly. To protect your information from being stolen, Firefox has >> not connected to this website. >> This site uses HTTP Strict Transport Security (HSTS) to specify that >> Firefox may only connect to it securely. As a result, it is not possible >> to add an exception for this certificate. >> Learn more... >> [BUTTON] Go back [BUTTON] Open Login Page >> [BUTTON]Advanced >> ----------------------------------- >> <.. snip ..>
> How did you get a secure page when that site is NOT https? In the > address bar just remove the "s" from "https" and you will be fine. Most probably he will be fine but still, telling someone to 'just remove the "s" from "https" and you will be fine' when downloading software is unbelievably bad advice. Earlier in the thread he was given a couple https: sites where he could download seamonkey, so it's not like http is the only option. > I can easily get the same error you got if I stick an "s" on the end of > "http" . Here's why: > <.. snip ..> > > As you can see, the SeaMonkey site is NOT on the above list and that's > because it doesn't use "https" rather "http". Plus, on Fx 45.8 ESR, I > can add an exception. Even for the Mozilla sites listed above none are > Strict Transport and they better never be as that is just puffed up > nonsense. wrong > HTTPS where an exception can be added is sufficient but > SeaMonkey is not even using that. SeaMonkey retains COMMON SENSE > because the entire web does NOT need to be behind HTTPS but it would be better if the entire web was behind HTTPS > and especially > NOT behind HSTS which means I can't go to sites that have HSTS certs and > have them issued by Comodo or Go Daddy as I have my browsers set to warn > me about any site using a cert from either of those "authorities" and > then I decide if I want to make an exception or just not visit the site. take a look at the certpatrol add-on > HSTS doesn't let one make exceptions and that just further cripples > the user who wishes to reserve their own judgement about sites using > certs from certain so called authorities. HSTS is just another way of > limiting the user Imagine using the tor browser for surfing the web. Does HSTS make sense then? How about https? If yes, then why do you trust your ISP & whatever service provider is between you & the download site? > and Mozilla has been going down that path for years > now with each Fx version being more and more rigid and restrictive > (might as well just merge with Chrome browser). SeaMonkey is not doing > this to its users so it is symbolically fitting that it uses simple > "http" for its site. I suspect it's a money/people resource problem that keeps them from using encryption rather than a deliberate choice not to use encryption. Regards, Lee _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
