TLS certificate errors are too easy to ignore
| Originator: | Rodger.Combs | ||
| Number: | rdar://21388659 | Date Originated: | 15-Jun-2015 |
| Status: | Duplicate/5992319 | Resolved: | |
| Product: | Safari | Product Version: | All |
| Classification: | Security | Reproducible: | Always |
See, for instance: https://self-signed.badssl.com/ The dialogue displayed warning the user that the certificate the server presented is untrusted is very easy to ignore. An average user, conditioned to click the default (or, here, rightmost) button to skip past similar warnings, could easily skip past the message and effectively deprive themselves of all the protection TLS is meant to provide.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!