Patch My PC Making Plain HTTP (Port 80) Requests

[RVST]

The Patch My PC application is making requests over plain HTTP (Port 80).

Some of them are expected, for example TLS certificate revocation checking to http://ocsp.digicert.com/, which is normal.

However, some of them are requests to Patch My PC's own host over plain HTTP (Port 80).  While Cloudflare returns a "301 Moved Permanently" response and it gets upgraded to a HTTPS (Port 443) TLS 1.2 connection, is there a reason why Patch My PC does not request HTTPS in the first place?

Example requests over HTTP:

Code Select Expand

http://patchmypc.com/freeupdater/definitions/definitions.xml

http://patchmypc.com/redirect.htm?V=4.5.0.4&OS=Win10&SILENT=0

http://patchmypc.net/redirected.htm?source=app

[Justin Chalfant (Patch My PC)]

The Patch My PC application is making requests over plain HTTP (Port 80).

Some of them are expected, for example TLS certificate revocation checking to http://ocsp.digicert.com/, which is normal.

However, some of them are requests to Patch My PC's own host over plain HTTP (Port 80).  While Cloudflare returns a "301 Moved Permanently" response and it gets upgraded to a HTTPS (Port 443) TLS 1.2 connection, is there a reason why Patch My PC does not request HTTPS in the first place?

Example requests over HTTP:

Code Select Expand

http://patchmypc.com/freeupdater/definitions/definitions.xml

http://patchmypc.com/redirect.htm?V=4.5.0.4&OS=Win10&SILENT=0

http://patchmypc.net/redirected.htm?source=app

Thanks for reporting this, we will be making the initial request in HTTPS very soon. We'll have an update with some pretty significant changes that will include this change.