• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Patch My PC Making Plain HTTP (Port 80) Requests

Started by RVST, February 23, 2024, 07:21:57 PM

Previous topic - Next topic

RVST

The Patch My PC application is making requests over plain HTTP (Port 80).

Some of them are expected, for example TLS certificate revocation checking to http://ocsp.digicert.com/, which is normal.

However, some of them are requests to Patch My PC's own host over plain HTTP (Port 80).  While Cloudflare returns a "301 Moved Permanently" response and it gets upgraded to a HTTPS (Port 443) TLS 1.2 connection, is there a reason why Patch My PC does not request HTTPS in the first place?

Example requests over HTTP:
http://patchmypc.com/freeupdater/definitions/definitions.xml

http://patchmypc.com/redirect.htm?V=4.5.0.4&OS=Win10&SILENT=0

http://patchmypc.net/redirected.htm?source=app


Justin Chalfant (Patch My PC)

Quote from: RVST on February 23, 2024, 07:21:57 PMThe Patch My PC application is making requests over plain HTTP (Port 80).

Some of them are expected, for example TLS certificate revocation checking to http://ocsp.digicert.com/, which is normal.

However, some of them are requests to Patch My PC's own host over plain HTTP (Port 80).  While Cloudflare returns a "301 Moved Permanently" response and it gets upgraded to a HTTPS (Port 443) TLS 1.2 connection, is there a reason why Patch My PC does not request HTTPS in the first place?

Example requests over HTTP:
http://patchmypc.com/freeupdater/definitions/definitions.xml

http://patchmypc.com/redirect.htm?V=4.5.0.4&OS=Win10&SILENT=0

http://patchmypc.net/redirected.htm?source=app



Thanks for reporting this, we will be making the initial request in HTTPS very soon. We'll have an update with some pretty significant changes that will include this change.