On 3/11/17, Desiree <melel...@medscape.com> wrote:
On 3/9/2017 2:44 AM, Simon Charles wrote:
Hi
I would love to try SeaMonkey, but I can't download it!
I am a long-term Mozilla user trying to download it from
http://www.seamonkey-project.org/releases - using Firefox on
Windows 7.
Frustratingly, I just get the following 'insecure connection' warning
(with no obvious option for circumventing it):
-----------------------------------
Your connection is not secure
The owner of download.cdn.mozilla.net has configured their website
improperly. To protect your information from being stolen, Firefox has
not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that
Firefox may only connect to it securely. As a result, it is not
possible
to add an exception for this certificate.
Learn more...
[BUTTON] Go back [BUTTON] Open Login Page
[BUTTON]Advanced
-----------------------------------
<.. snip ..>
How did you get a secure page when that site is NOT https? In the
address bar just remove the "s" from "https" and you will be fine.
Most probably he will be fine but still, telling someone to 'just
remove the "s" from "https" and you will be fine' when downloading
software is unbelievably bad advice. Earlier in the thread he was
given a couple https: sites where he could download seamonkey, so it's
not like http is the only option.
I can easily get the same error you got if I stick an "s" on the end of
"http" . Here's why:
<.. snip ..>
As you can see, the SeaMonkey site is NOT on the above list and that's
because it doesn't use "https" rather "http". Plus, on Fx 45.8 ESR, I
can add an exception. Even for the Mozilla sites listed above none are
Strict Transport and they better never be as that is just puffed up
nonsense.
wrong
HTTPS where an exception can be added is sufficient but
SeaMonkey is not even using that. SeaMonkey retains COMMON SENSE
because the entire web does NOT need to be behind HTTPS
but it would be better if the entire web was behind HTTPS
and especially
NOT behind HSTS which means I can't go to sites that have HSTS certs
and
have them issued by Comodo or Go Daddy as I have my browsers set to
warn
me about any site using a cert from either of those "authorities" and
then I decide if I want to make an exception or just not visit the
site.
take a look at the certpatrol add-on
HSTS doesn't let one make exceptions and that just further cripples
the user who wishes to reserve their own judgement about sites using
certs from certain so called authorities. HSTS is just another way of
limiting the user
Imagine using the tor browser for surfing the web. Does HSTS make
sense then? How about https?
If yes, then why do you trust your ISP & whatever service provider is
between you & the download site?
and Mozilla has been going down that path for years
now with each Fx version being more and more rigid and restrictive
(might as well just merge with Chrome browser). SeaMonkey is not doing
this to its users so it is symbolically fitting that it uses simple
"http" for its site.
I suspect it's a money/people resource problem that keeps them from
using encryption rather than a deliberate choice not to use
encryption.
Regards,
Lee