


























> In all honesty, the generated code mentioned in the blog post is more of an industry standard at this point rather than anything else - which is a bit of a sad state of affairs.
Indeed. Using HTTPS everywhere is a good thing for the encryption, but actually getting and maintaining valid server certificates everywhere including internal systems is a lot of work. And if you trust the DNS on your local network it's not a security issue. Definitely not a "severe vulnerability". Context is everything.
Let's Encrypt has fixed the issue for publicly available sites, but for anything internal it remains a PITA.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。