[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Bug#7074: https
From:       David Faure <david () mandrakesoft ! com>
Date:       2000-08-01 11:56:42
[Download RAW message or body]

On Tue, Aug 01, 2000 at 01:29:01PM +0200, Gerald Teschl wrote:
> Package: konqueror
> Version: 1.9.3 (KDE 1.92 Beta >= 20000720)
> Severity: critical
> 
> If I open a secure page (https) tcpdump shows that an unencrypted http
> connection is made in stead of a secure one!!!!! The user gets the impression that
> all information can be submitted securely but in reality everything is sent
> unencrypted over the net!?

Do you have openssl installed ?

> I consider this a high security problem!

I definitely agree. I've been saying many times that
kio_https should show an error if there's no ssl support instead
of silently falling back to normal http.

-- 
David FAURE
david@mandrakesoft.com, faure@kde.org
http://home.clara.net/faure/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today

[prev in list] [next in list] [prev in thread] [next in thread]