

19.5% of HTTPS sites trigger browser warnings because of SHA-1 certificates - declan
http://www.elie.net/blog/security/19.5-percent-of-https-sites-trigger-browser-warning-as-they-use-sha-1-signed-certificates

======
declan
On a related note, I submitted this article with an HTTPS URL and HN parsed it
as a blank page (but http obviously worked). You can see that blank page here:
[https://news.ycombinator.com/item?id=8982899](https://news.ycombinator.com/item?id=8982899)

My guess is that HN doesn't support the SNI extension to HTTPS, so it's unable
to parse certain sites. Y'all should fix this.

I should note that (assuming the SNI theory is correct) that HN isn't alone.
My understanding is that Twitter didn't support SNI until last month and some
other major sites still don't.

~~~
mtmail
"Y'all should fix this" \- there is a 'support' link in the footer to email
the HN administrators.

