GitLab

When someone visit website , and that website configured TLS to be useless and vulnerable to MITM (not checking if there is "Protocol Support" and "Cipher Strength") then this is real flaw of HTTPS-Everywhere to pass this as secure connection.

E.g to make this very clear:

https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae

This is an F website and allows MITM due to insecure renegotiation. But when you visit the website while HTTPS-Everwhere enabled it will not read it as insecure connection or even showing yellow sign that the connection is not encrypted (by the lock browser).

So whether this HTTPS-Everywhere flaw or TBB , something is wrong here.

Trac:
Username: bo0od