(In reply to Kai Engert (:KaiE:) from comment #29)
> So, as I understand it, during the past 4 years, we never added any temporary overrides during auto config, because we had disabled discovery using the SSL/TLS protocol, and for STARTTLS no overrides were necessary.

> - let's disable the code that attempts to temporarily allow invalid certificates
> (new pref)

Seems fine to me. I don't really understand why you would want to allow detection without requiring a manual override first anyway? If the server has an invalid certificate, it's reasonable to expect the user to manually override to connect to it *at all*, even for discovery.
Bug 1520283 Comment 32 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Kai Engert (:KaiE:) from comment #29)
> So, as I understand it, during the past 4 years, we never added any temporary overrides during auto config, because we had disabled discovery using the SSL/TLS protocol, and for STARTTLS no overrides were necessary.

> - let's disable the code that attempts to temporarily allow invalid certificates
> (new pref)

Seems fine to me. I don't really understand why you would want to allow detection without requiring a manual override first anyway? If the server has an invalid certificate, it's reasonable to expect the user to manually override to connect to it *at all*, even for discovery. Is there even any real use case for this other than personal servers with self-signed certificates???