From kde-core-devel  Tue Aug 01 11:56:42 2000
From: David Faure <david () mandrakesoft ! com>
Date: Tue, 01 Aug 2000 11:56:42 +0000
To: kde-core-devel
Subject: Re: Bug#7074: https
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=96513100623094

On Tue, Aug 01, 2000 at 01:29:01PM +0200, Gerald Teschl wrote:
> Package: konqueror
> Version: 1.9.3 (KDE 1.92 Beta >= 20000720)
> Severity: critical
> 
> If I open a secure page (https) tcpdump shows that an unencrypted http
> connection is made in stead of a secure one!!!!! The user gets the impression that
> all information can be submitted securely but in reality everything is sent
> unencrypted over the net!?

Do you have openssl installed ?

> I consider this a high security problem!

I definitely agree. I've been saying many times that
kio_https should show an error if there's no ssl support instead
of silently falling back to normal http.

-- 
David FAURE
david@mandrakesoft.com, faure@kde.org
http://home.clara.net/faure/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today