Why does Safari seem to be accepting an HTTPS connection every other browser rejects?
This question is inspired by a bug/issue in recent Linksys router firmware. Essentially, something has changed recently that's preventing HTTPS access to the web admin on current generation Linksys routers (E4200 and E3000 specifically, although others might be affected as well). This problem shows up in IE, Firefox, Chrome, and Opera, but interestingly not in Safari. Does Safari handle HTTPS connections in some way that's different from every other browser? Is it accepting SSL certificates that other browsers deem invalid for some reason? I tried doing some research on whether Safari is known to be more lenient when validating SSL certificates but I came up empty. Anyone have any ideas/experience with how Safari handles HTTPS? Edit: Clarification on "preventing HTTPS access". The error page that gets displayed varies somewhat by browser, but most of them indicate that the connection was reset while the page was loading. IE provides the least informative message simply stating that "Internet Explorer cannot display the webpage". My next step I suppose will be installing Ethereal to see if I can get a better idea of what's actually happening.
With Safari, if it cannot validate the certificate, for example because it is self-signed or is signed by an untrusted CA or, quite often, because the server is not sending the intermediate certificate, you can click the “Continue” button on the error dialog and it will automatically store an exception to trust this certificate for this site for the rest of the session (until you quit the browser). You also have the option of showing the certificate and explicitly saving it as trusted so it will always be trusted in the future.
There is also a preference option to some kinds of certificate errors in general. In the Security pane of the Preferences window, you can uncheck “Warn when visiting a fraudulent website.” I believe that just fixes host-certificate name mismatches, not invalid certificates in general, but I’m not sure.
Our Awesome Free Tools
- Check your IP Address precisely
- Online JSON Formatter with Syntax Highlight
- Online CSS Minifier Compressor
- Online MD5 Hash Generator
- Online SHA-1, SHA-256, SHA-512 Generator
- Online Base64 Encoder/Decoder
- Online CRC-32 Calculator
- Online Triple DES Encryptor/Decryptor
- Best World Clocks