Chrome downgrades long-running requests from HTTPS to HTTP (bug)

Thursday, April 28, 2022

Interesting bug was discovered in Chrome, describing the behaviour of the browser downgrading long-running requests from HTTPS to HTTP after 3 seconds of waiting for a response. Chrome is cancelling the first request after 3s, then requests the same URL again, this time via HTTP, instead of the original HTTPS. Chrome downgrading HTTPS to HTTP Here are the steps to reproduce this issue: Open a new incognito window Create a new throttling profile in the network tab with settings (1.…more

Introducing Digest Email

Tuesday, January 18, 2022

New notification mode In January 2022, we have released a new notification mode. It comes as an addition to our standard daily emails (one email per domain name) and weekly Slack digests. Once enabled, the Digest email mode replaces daily individual emails, compiling together expiration information for all domain names under your account. Here’s how to enable Digest emails: Navigate to the Notification preferences menu in your account In the Digest email section, select “Digest email” and click on “Update notification preferences” Digest email in Notification preferences Give it a try It is possible to receive a Digest email before deciding whether to switch to this notification mode.…more

Let's Encrypt Root Certificate Expiration

Wednesday, May 12, 2021

On September 30, 2021, the older root certificate of Let’s Encrypt will expire (the DST Root CA X3). Here’s what happens after that date: Older devices that do not receive software updates will not trust the certificates from Let’s Encrypt anymore (for example, iPhone 4). This is because such devices will not have the new root certificate installed with software updates (the ISRG Root X1) Modern devices already contain the new certificate, ISRG Root X1, in their list of root certificates.…more

Time to eliminate obsolete TLS protocol configurations – NSA

Monday, February 1, 2021

The National Security Agency (NSA) recommends replacing obsolete protocol configurations with ones that utilise strong encryption and authentication to protect sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.…more

HTTPS-only mode in Firefox 83

Sunday, December 13, 2020

In November, Mozilla introduced the HTTPS-only Mode, a brand-new security feature available in Firefox 83. Here’s what happens when you enable HTTPS-only Mode: Firefox attempts to establish fully secure connections to every website (even for the http:// addresses), and Firefox asks for your permission before connecting to a website that doesn’t support secure connections. More information available on the official blog of Mozilla.

Our New Homepage

Wednesday, October 21, 2020

At some point we have realised that our, then-current, homepage was far from optimal. It didn’t provide enough of clear, well-structured information about what is it that SSLreminder is doing. We decided to change that. Prototyping in progress Since we don’t have a full-blown team of front-end engineers and UI/UX designers, all the thinking, prototyping and implementation was done by our techies. (Spoiler: they did quite a good job over there, feel free to check it out here)…more

Digicert to Deprecate the OU Field

Sunday, September 27, 2020

Why is the OU field being removed? Oftentimes confusing, the OU field is intended to keep the information about Organizational Unit that the certificate is issued for. This field is mostly optional and there is no generally accepted validation rules for it. To reduce confusion around this field and improve validation times, Digicert is going to remove it from future ordering processes. How does this affect me? As a customer of Digicert you’ll notice the following changes:…more

Google Chrome Will Limit SSL/TLS Certificates to 1 Year of Validity

Monday, June 15, 2020

On the 10th of June a CA/Browser Forum representative informed through Twitter that as of September 1 2020 Google Chrome will start limiting SSL/TLS certificates validity period to 398 days, or a bit over 1 year. So what exactly does this change mean for a website owner or administrator? Since the maximum certificate validity will be cut in about half, the chance to miss extension date will simply become twice as big.…more

Why Do You Need SSL

Sunday, May 17, 2020

Welcome back to our blog. Today we are going to find out why do we actually need SSL and what is the benefit of having it enabled. There are 2 protocol groups that provide secure communication over the Internet - SSL and TLS. For the sake of simplicity we are going to call them “SSL” as a group, but we actually mean both, so read it as “SSL/TLS”. Sometimes SSL is also called HTTPS, which is a different thing, but again for our discussion does not matter much.…more

Current State of SSL/TLS Support

Thursday, May 7, 2020

Welcome back to the SSLreminder blog. Today we’re looking at the current state of the SSL ecosystem with regards to TLS (SSL) protocol support by modern websites. In order to get the data we have turned to SSL Pulse, a monitoring tool by SSL Labs. It is a continuous and global dashboard for monitoring the quality of SSL/TLS support over time across 150,000 SSL- and TLS-enabled, most popular websites in the world.…more