2

It often happens that I just want to browse some website, but the site has broken encryption (like an invalid certificate, an expired certificate, a CA that is down and so on) and the browser refuses to display the page.
This is much appreciated when dealing with things like online banking, but if I have no intention of doing anything privacy-sensitive (like signing in or sending personal information), I just find this as a hindrance.

Just replacing https://... with http://... would allow you to establish a plain old unencrypted connection in the past, but nowadays most sites automatically redirect you to a secured connection. Some of these errors can be circumvented by forcing the browser to accept a certificate exception, but this is unwieldy and can become a security risk if I forget to remove the dubious cert afterwards.

Is there a way to force a browser to only accept plaintext connections, only for a single misbehaving domain, and preferably for just a single session? I personally use Firefox, but details about other browsers are welcome too.

Improve this question
9
  • 1
    "but nowadays most sites automatically redirect you to a secured connection." You have no control over that -- if their webserver redirects HTTP requests to HTTPS, then you're SOL.
    – Ƭᴇcʜιᴇ007
    Commented May 1, 2017 at 19:06
  • Most browsers other then Firefox allow you to connect to an unsafe site without adding an exception.
    – Tesseract
    Commented May 1, 2017 at 19:33
  • What makes you so sure you're talking to the real site, and not an imposter that copied their HTML and DNS-hijacked you?
    – Spiff
    Commented May 1, 2017 at 20:10
  • Is this for a trusted, internal server?
    – Cory Knutson
    Commented May 1, 2017 at 20:21
  • 1
    Ideally you should not access websites facing security issue in the browsers. As you know about the "Add exception" option to access those sites but you must not check "Permanently store this exception" for future consideration. Otherwise browsers will bypass security warning for particular sites.
    – Gunjan Tripathi
    Commented May 2, 2017 at 6:51

1 Answer 1

Reset to default
2

There isn't really any way to request only non-encrypted connections if the server itself is forcing a redirect. However, you should be able to 'Permanently store' and exception as follows:

  1. Click 'Advanced' on the 'Your connection is not secure' page enter image description here
  2. Next, click the 'Add Exception...' button enter image description here
  3. Ensure that the box for 'Permanently store this exception' is selected, and then click 'Confirm Security Exception' enter image description here
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .