Jump to content

ERA 6.1.334.0 - SSL


ronmanp
 Share

Go to solution Solved by centrex,

Recommended Posts

Following these hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3724steps I can now encrypt traffic to/from the web console.

In IE it is trusted without any warnings which is what I want:

post-7438-0-97016100-1435937811_thumb.png

 

In Chrome I get this warning with a red streak through. 

post-7438-0-20802500-1435945574_thumb.png

 

I have many other web services and they don't have that issue with Chrome.

Anyone experiencing something similar?

 

Thanks,

Edited by ronmanp
Link to comment
Share on other sites

  • Solution

Thats part of Google's crusade against weak ciphers etc.

 

For example they are phasing out SHA-1

 

Summary

The use of SHA-1 within TLS certificates is no longer sufficiently secure. This is an intent to phase them out (in 2-3 years). In order to make such a phase-out execute smoothly, rather than be an Internet flag day, we will be degrading the experience when these certificates are used in the wild.

 

The following changes to Chromium's handling of SHA-1 are proposed:

- All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page.

- Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with.

- All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content.

Link to comment
Share on other sites

Thats part of Google's crusade against weak ciphers etc.

 

For example they are phasing out SHA-1

 

Summary

The use of SHA-1 within TLS certificates is no longer sufficiently secure. This is an intent to phase them out (in 2-3 years). In order to make such a phase-out execute smoothly, rather than be an Internet flag day, we will be degrading the experience when these certificates are used in the wild.

 

The following changes to Chromium's handling of SHA-1 are proposed:

- All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page.

- Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with.

- All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content.

Oh that's why other services I have running don't have that issue. It's because they expire before 2017/1/1. 

Thanks for that info. 

Looks I'll have to upgrade my CA then. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...