Twitter gets EV SSL but is the message correct?
This would normally go on SSLFail.com but due to a server outage, I decided to just post it here...
Tim Callan, SSL Evangelist for Verisign, has posted a brief comment that Twitter now enjoys the added cost... um... protection... of EV SSL. I decided to check this out, so I visited https://www.twitter.com and was greeted by my biggest internet pet peeve, a website where only the www or non-www version works properly.
I decided to remedy this and use https://twitter.com, however I still couldn't get any green demonstrating EV SSL
Of course, this was probably just a Firefox problem... I'll use the new kid in town, Chrome...
Hrm... now I'm confused, perhaps Firefox and Chrome both have some sort of problem, because I should be getting the glorious green that is EV SSL somewhere in my address bar. I figured I'd try Internet Explorer first though because I don't want to be accused of prematurely pointing out why Tim's comment is wrong and why EV SSL is useless.
Again, mixed content errors... this time complete with the famous IE pop-up.
Alas, all is not lost... EV SSL and the glorious green bar is available on Twitter. You simply need to provide your credentials on the page with the "broken SSL" and then, after login, you'll be presented with the wonderful green bar.
Now maybe it's just me... but it seems that this is sending the wrong message to most users.