you should be able to tell?
becasue your web browser would show http? instead of https?
if i'm understand this correctly?
According to
this website, yes. They said the following.
To bypass TLS encryption that’s designed to prevent such attacks, ssler actively tries to downgrade HTTPS connections to plaintext HTTP traffic. It then changes request headers to signal that the end point isn’t capable of using encrypted connections. Ssler makes special accommodations for traffic to Google, Facebook, Twitter, and Youtube, presumably because these sites provide additional security features. Google, for example, has for years automatically redirected HTTP traffic to HTTPS servers. The newly discovered module also strips away data compression provided by the gzip application because plaintext traffic is easier to modify.
Some of my domains for example provide only HTTP, some only HTTPS, and I think one does both. The ones that only allow HTTPS like this one are safe. At least they make it sound like they are. I would really be surprised if my SSL was broken but if tch has taught me anything its don't be surprised.
While HTTP Strict Transport Security and similar measures designed to prevent unencrypted Web connections may help prevent the HTTP downgrade from succeeding, Williams said those offerings aren’t widely available in Ukraine, where a large number of the VPN-infected devices are located. What’s more, many sites in the US and Western Europe continue to provide HTTP as a fallback for older devices that don’t fully support HTTPS.
