Can't connect to any domain other than fastmail.fm

[curmudgeon]

The result in the web browser is obvious, but for additional evidence:

Code:

$ wget -S -c 'https://www.fastmail.fm/'
--2014-06-26 23:52:56--  https://www.fastmail.fm/
Resolving www.fastmail.fm... 66.111.4.56, 66.111.4.55
Connecting to www.fastmail.fm|66.111.4.56|:443... connected.
HTTP request sent, awaiting response... 
  HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 26 Jun 2014 23:52:57 GMT
  Content-Type: text/html; charset=utf-8
  Content-Length: 17407
  Connection: keep-alive
  Set-Cookie: s_=1%3Bnyi%3Bnyi%3B2b3049a55be534e0d094ced91fca1e37%3B1403826777%3Bdb76b2a1fc635c14336ae279ff42a10419b53267; path=/; domain=www.fastmail.fm; secure; HttpOnly
  X-Backend: web4
  X-UA-Compatible: IE=Edge
  X-Frontend: frontend2
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' https://api.pin.net.au 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src data:; img-src *; media-src 'none'; object-src 'none'; frame-src *; report-uri /log/csp
Length: 17407 (17K) [text/html]
Saving to: ‘index.html’

100%[=============================================================================================================>] 17,407      --.-K/s   in 0s      

2014-06-26 23:52:57 (55.5 MB/s) - ‘index.html’ saved [17407/17407]



$ wget -S -c 'https://www.fastmail.net/'
--2014-06-26 23:53:05--  https://www.fastmail.net/
Resolving www.fastmail.net... 66.111.4.79
Connecting to www.fastmail.net|66.111.4.79|:443... failed: Connection refused.
Retrying.

--2014-06-26 23:53:07--  (try: 2)  https://www.fastmail.net/
Connecting to www.fastmail.net|66.111.4.79|:443... failed: Connection refused.
Retrying.

--2014-06-26 23:53:09--  (try: 3)  https://www.fastmail.net/
Connecting to www.fastmail.net|66.111.4.79|:443... failed: Connection refused.
Retrying.

[...]

[robn]

This is by design. We don't have certificates for all our alternate domains and so don't want to serve HTTPS for them as it tends to confuse users (big red "nasty site" warnings) and Google, which mis-indexes things. Also, we really want a consistent message that you should only ever enter your password on www.fastmail.fm (and later, when you see the green "FastMail Pty Ltd" badge, but we're not there yet).

The unencrypted http://www.fastmail.net/ will work, redirecting you to https://www.fastmail.fm/ for login.

[curmudgeon]

Did that change recently, or am I hallucinating again?

[n5bb]

Quote:

Originally Posted by curmudgeon

Did that change recently, or am I hallucinating again?

The latter.

Four years ago in 2010 the redirection took place during the login process:
New http://m., http://old., http://beta. and http://ssl. site prefixes

Then two years ago in 2012 the current immediate redirection was put in place:
Changes to webmail login

Bill

[robn]

This was a later change again. Basically removes the first two of the "(W)" cases (base and m. domains). ssl.domain continues to work and send a warning.

The main motivator for it was that when you searched for "fastmail" on google.co.uk, it would return https://fastmail.co.uk as the first result, which would give a browser warning when clicked. We spent a lot of time with the Google webmaster tools to try and make it not index it, but couldn't make it work. So we opted to stop serving HTTPS on those domains altogether rather than have Google serve up incorrect stuff that might scare off new users.