On 11/17/20 10:57 AM, Adam Roach wrote: > On 11/17/20 09:45, Keith Moore wrote: >> Are those web browsers that are deprecating FTP also deprecating HTTP >> without TLS? > > > Yes. > > https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ > > https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
This causes grief with firewall authentication where plain http is needed for the firewall to intercept and force authentication.
The present situation with HSTS latching causes grief. The internal web I used to use that was reliably http-only recently upgraded, forcing me to find a different one. HTTP support disappearing entirely, OTOH, is s disaster.
How to shoot ourselves in the foot.
That's not your foot. Ned
