Durante il tentativo di visitare il collegamento , ho notato che sono stato reindirizzato immediatamente a HTTP. Ecco cosa dice cURL a riguardo:
$ curl --max-redirs 0 -v -L https://www.ebay.com
* Rebuilt URL to: https://www.ebay.com/
* Adding handle: conn: 0x6c8cc0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x6c8cc0) send_pipe: 1, recv_pipe: 0
* About to connect() to www.ebay.com port 443 (#0)
* Trying 66.135.210.61...
* Connected to www.ebay.com (66.135.210.61) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using SSL_RSA_WITH_RC4_128_MD5
* Server certificate:
* subject: CN=www.ebay.com,OU=Site Operations,O=eBay Inc.,L=San Jose,ST=California,C=US
* start date: Jun 06 00:00:00 2013 GMT
* expire date: Jun 07 23:59:59 2014 GMT
* common name: www.ebay.com
* issuer: CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> GET / HTTP/1.1
> User-Agent: curl/7.32.0
> Host: www.ebay.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: http://www.ebay.com/
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection 0
* Maximum (0) redirects followed
curl: (47) Maximum (0) redirects followed
Perché i siti Web impongono il testo in chiaro HTTP mentre supportano SSL, esponendo così le abitudini di navigazione dell'utente alle intercettazioni?