Can someone explain what may be going on here…
I was trying to update a Broadcom Bluetooth driver (BTW_12.0.1.940_win8_10_x64.zip) for a Win10 install on an older laptop. Initially (Aug 8), I used HTTPS to connect to Broadcom’s site but Firefox complained about an untrusted intermediate certificate; so did Chrome, but it let me connect. I downloaded the driver file over https on Chrome. I also downloaded the file on a different PC using http with Firefox and noticed a different file size and sha256sum.
No matter what machine/browser/OS I use, whether I use a proxy or not or if I use a different ISP, the file I receive over https is always 77 bytes larger than the one over http. Each version has a consistent sha256sum, but the two differ from each other.
I had VirusTotal check both versions of the file and they came back clean. SSLLabs indicates an incomplete server certificate chain for Broadcom, but yesterday FF didn’t complain as much and let me connect without asking to make an exception.
What would explain the files having a different sha256sum and size just because they were downloaded over this https environment? What security/vulnerability is here?
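
One way to narrow the question down, as an added example that is not part of the original post: compare the two downloads byte by byte and report where the extra bytes sit and what they contain, which says more than two differing hashes do. The function names are hypothetical and the sample bytes are constructed, not the real driver archive.

```python
import hashlib
import sys

def localize_difference(a: bytes, b: bytes) -> dict:
    """Find the common prefix and suffix of two downloads and the bytes between."""
    limit = min(len(a), len(b))
    prefix = 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return {
        "sha256_a": hashlib.sha256(a).hexdigest(),
        "sha256_b": hashlib.sha256(b).hexdigest(),
        "size_delta": len(b) - len(a),
        "common_prefix": prefix,
        "common_suffix": suffix,
        "only_in_a": a[prefix:len(a) - suffix],
        "only_in_b": b[prefix:len(b) - suffix],
    }

def classify(report: dict) -> str:
    """Describe the shape of the difference without guessing at its cause."""
    extra_a, extra_b = report["only_in_a"], report["only_in_b"]
    if not extra_a and not extra_b:
        return "identical"
    if extra_a and extra_b:
        return "content replaced"
    if report["common_suffix"] == 0:
        return "one copy has extra bytes at the end"
    if report["common_prefix"] == 0:
        return "one copy has extra bytes at the start"
    return "one copy has extra bytes in the middle"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two file paths: the HTTP copy and the HTTPS copy
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            http_copy, https_copy = f.read(), g.read()
    else:  # constructed sample bytes, not the real driver archive
        http_copy = b"PK\x03\x04" + bytes(range(200))
        https_copy = http_copy + b"#" * 77
    r = localize_difference(http_copy, https_copy)
    print(classify(r), "| size delta:", r["size_delta"])
    print("differing region starts at offset", r["common_prefix"])
    print("extra bytes:", (r["only_in_b"] or r["only_in_a"])[:80])
```

Run with the two downloaded files as arguments; a "content replaced" result means the copies differ in more than a single added block and deserves closer inspection before the driver is installed.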