TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
I have just reported a flaw with passing a misconfigured ssl/tls certificate which is allowing MITM. I reported that against https-everywhere but they answered it that https-everywhere doesnt access ssl info. So maybe it is a browser level issue?
otherwise really what is the use of green lock and https-everywhere plugin if a website pretend to be having ssl/tls connection while in fact its just fake one and MITM is possible through it ?
HTTPS-Everywhere Github Ticket: