top | item 41333734

(no title)

Just don't do that. Some of us (hello) live in countries that perform or tried to perform HTTPS MITM on a massive scale, and only had to roll back because so much well behaving shit broke.

If software suddenly started accepting invalid certificates, they would have no incentive of rolling it back. HTTPS would make zero sense then.

discuss

firesteelrain|1 year ago

curl does accept if you enable the option to do so. It is optional

perchlorate|1 year ago

This doesn't make it a good idea to break HTTPS by default. Defaults matter, if everything ignored HTTPS errors by default, I would be talking to you over a MITMed connection right now. Because so much software stopped working, they had to roll back that braindead idea in less than a day.