The difficulty of making sure your website is broken

(letsencrypt.org)

30 points | by mcpherrinm 2 hours ago

4 comments

paulirish 2 hours ago
https://badssl.com/ also offers several test subdomains in the same vein.
ipython 1 hour ago
Interesting. Chrome (146, macOS) shows no error messages on the revoked cert pages, but Firefox does (also macOS).
[-]
- mcpherrinm 1 hour ago
  Yeah, Chrome only partly supports revocation (Not sure exactly the criteria, but our test sites don't match it).
- moralestapia 41 minutes ago
  Same with Brave, so it is a Chromium thing.
lifis 1 hour ago
Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
[-]
- RunningDroid 34 minutes ago
  > Vanadium, Chrome and Firefox (all for Android) all accept all the revoked certificates... But revoked.badssl.com is considered revoked
  Firefox Beta (150.0b7) is accepting all of the revoked certs on my device
bullen 1 hour ago
Meanwhile HTTP keeps working just fine and is decentralized.
Just "add your own crypto" on top, which is the ONLY thing a sane person would do.
3... 2... 1... banned?
[-]
- xandrius 1 hour ago
  Did you self-ban?
  [-]
  - bullen 1 hour ago
    XD Nope, more like self destruct! ;)