undefined | Better HN

0 pointsjefftk3y ago0 comments

You can still use a self-signed cert with HTTP3 (including rightly scary warnings for visitors) or you can make your own CA and distribute the cert (no scary warnings when people visit your site).

0 comments

mistrial93y ago

I will believe this when I see it, thank you

the zealous "you must obey the law" tone of SOME comments here reinforces the worst stereotypes of corporate apparats.. individuals doing the bidding of institutions based on the letter of their "laws"

Human history has shown again and again that this ends badly .. HTTP is OK with ME

jefftkOP3y ago

> I will believe this when I see it, thank you

I'm on my phone so I can't confirm this is http3, but how about https://self-signed.badssl.com/

mistrial93y ago

    $ curl -v https://self-signed.badssl.com/
    *   Trying 104.154.89.105:443...
    * Connected to self-signed.badssl.com (104.154.89.105) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    *  CAfile: /etc/ssl/certs/ca-certificates.crt
    *  CApath: /etc/ssl/certs
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (OUT), TLS header, Unknown (21):
    * TLSv1.2 (OUT), TLS alert, unknown CA (560):
    * SSL certificate problem: self-signed certificate
    * Closing connection 0
    curl: (60) SSL certificate problem: self-signed certificate
    More details here: 
    https://curl.se/docs/sslcerts.html

"curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above."

    $ curl --version
    curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.13
    Release-Date: 2022-01-05
    Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
    Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd

3 more replies

nrb3y ago

> HTTP is OK with ME

How do you propose to secure user sessions and prevent MITM or tracking otherwise?

bombcar3y ago

That battle is mostly lost anyway - the web is what Google and Apple let you see for the most part for most users.

mistrial93y ago

I encourage you to take solace in stories of courage and invention at this challenging time in history.

j / k navigate · click thread line to collapse

0 comments

mistrial93y ago

I will believe this when I see it, thank you

Human history has shown again and again that this ends badly .. HTTP is OK with ME

jefftkOP3y ago

> I will believe this when I see it, thank you

I'm on my phone so I can't confirm this is http3, but how about https://self-signed.badssl.com/

mistrial93y ago

    $ curl -v https://self-signed.badssl.com/
    *   Trying 104.154.89.105:443...
    * Connected to self-signed.badssl.com (104.154.89.105) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    *  CAfile: /etc/ssl/certs/ca-certificates.crt
    *  CApath: /etc/ssl/certs
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS header, Certificate Status (22):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (OUT), TLS header, Unknown (21):
    * TLSv1.2 (OUT), TLS alert, unknown CA (560):
    * SSL certificate problem: self-signed certificate
    * Closing connection 0
    curl: (60) SSL certificate problem: self-signed certificate
    More details here: 
    https://curl.se/docs/sslcerts.html

    $ curl --version
    curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.13
    Release-Date: 2022-01-05
    Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
    Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd

3 more replies

nrb3y ago

> HTTP is OK with ME

How do you propose to secure user sessions and prevent MITM or tracking otherwise?

bombcar3y ago

That battle is mostly lost anyway - the web is what Google and Apple let you see for the most part for most users.

mistrial93y ago

I encourage you to take solace in stories of courage and invention at this challenging time in history.

j / k navigate · click thread line to collapse