Palemoon won't show "untrusted connection"

[Toa-Nuva]

So you are in the "https everywhere/http nowhere camp".

No, I'm not. I'm just explaining why the HTTPS connection is refused (and should be refused, as the whole point of HTTPS is security, and the security cannot be ensured in this case).

Here's an analogy:
Case 1: I meet someone who simply tells me her name is Alice. (Analogous to: The server does not offer HTTPS.)
Case 2: I meet someone who shows me an ID card that has the name "Bob" on it, and earnestly insists that this ID card proves that he/she is Alice. (Analogous to: arboreumco.com tries to identify themselves by showing you herokuapp.com's ID card/certificate.)
I'm more inclined to believe her in case 1 than in case 2. If you think there's nothing suspicious about case 2 and decide to trust her, that's your decision. But the browser has every reason to warn you that something is wrong.

Possibly you could argue that therefore trusting it is as safe as 'security by obscurity'

I'm not even sure how security by obscurity would come into play here.

[Joel Cairo]

Possibly you could argue that therefore trusting it is as safe as 'security by obscurity'

I'm not even sure how security by obscurity would come into play here.

If you trust it because there is no obvious advantage to spoofing it, maybe that's a reasonable bet; but maybe a more devious adversary has a non-obvious purpose in spoofing the site - in which case one's trust - thus security - is illusory.

I'll get back to the preceding argument when I have some free time.

[Tony0945]

I don't see any "i understand the risks" option. Had I seen it we wouldn't be having this conversation. Perhaps a different version of Palemoon incorporates that statement, but I'm using version 25.7.0 (Atom/WinXP).

I'm using the same version (on XP sp3) and had no problem with your link and perusing the trees for sale. As a fellow fruit tree nut, I thank you for the link which I've bookmarked.

I also had no problem with Linux x86_64 versions, neither the direct binary download or the compiled source version (Gentoo overlay). I think the answer must lie in your preferences.

Off-topic:
P.S. I don't want to wander off topic, but a VAST variety of apple trees including custom grafts are available from Maple Valley in Wisconsin, http://www.maplevalleyorchards.com. I've dealt with them for years. Thanks again for the California link.

[jbclem]

Tony...it's interesting that your WinXP doesn't have the problem I'm(and others are) having. There must be a clue somewhere in that. Are you using http or https? And if http, can you see your browser changing it to https when you try to bring up the arboreum website? Do you have an older version of Palemoon?

The arboreum fruit trees are the best quality, their roots look like they are at least one year older than what you usually can get. The problem is very limited stock which changes every year. I do check the Maple Valley website every year for scionwood, but haven't ordered from them

[Thehandyman1957]

Tony...it's interesting that your WinXP doesn't have the problem I'm(and others are) having. There must be a clue somewhere in that. Are you using http or https? And if http, can you see your browser changing it to https when you try to bring up the arboreum website? Do you have an older version of Palemoon?

The arboreum fruit trees are the best quality, their roots look like they are at least one year older than what you usually can get. The problem is very limited stock which changes every year. I do check the Maple Valley website every year for scionwood, but haven't ordered from them

I have tried your suggestion and watched very carefully and it never changed from Http at all. Just went straight to the site. I would be very worried at this point for you. Honestly, even when using Encrypted Web it does not show an option at all for Https: To me this is a red flag as it means that the site does not even offer a Https: version of their site. This to me seems to me like a spoof site. I am using Xp Pro with sp3. At this point I would be thinking either my browser is compromised, as you state that even in safe mode it does the same thing or your computer is compromised. I.E. your DNS server settings could be messed with. Someone else can comment on this.

[Tony0945]

Tony...it's interesting that your WinXP doesn't have the problem I'm(and others are) having. There must be a clue somewhere in that. Are you using http or https? And if http, can you see your browser changing it to https when you try to bring up the arboreum website? Do you have an older version of Palemoon?

When I type http or use the bookmark, it does not change to https. If I type https, then I get the untrusted connection warning. Using palemoon 25.7.0 from this official link http://www.palemoon.org/palemoon-atom.shtml , which now downloads 25.7.1, but was 25.7.0 when I downloaded it. It may be time to run a malware scan.