-
Google to phase out the address bad padlock icon in Chrome
Thursday, May 4, 2023
Google plans to replace the padlock icon indicating website security in Chrome with a “tune” icon in September 2023 as part of a browser redesign. Google’s research found that only 11% of participants understood the intended purpose of the lock icon. The new icon better represents control menus and encourages users to click through to access more information about their security and connection settings. Over 95% of Chrome webpages loaded on Windows now use HTTPS, making it the default connection.…more
-
Open letter to the British government from online messengers
Sunday, April 30, 2023
The EU’s proposed “chat control” legislation and the UK’s Online Safety Bill are both under the pretext of child protection. Still, they also enable full-scale surveillance of chat communication without probable cause. That is why seven messenger applications (Element, Session, Signal, Threema, Viber, WhatsApp, and Wire) published an open letter in opposition to the UK’s Online Safety Bill currently in the House of Lords. To read the letter, head over to Threema’s website: https://threema.…more
-
Chrome downgrades long-running requests from HTTPS to HTTP (bug)
Thursday, April 28, 2022
Interesting bug was discovered in Chrome, describing the behaviour of the browser downgrading long-running requests from HTTPS to HTTP after 3 seconds of waiting for a response. Chrome is cancelling the first request after 3s, then requests the same URL again, this time via HTTP, instead of the original HTTPS. Chrome downgrading HTTPS to HTTP Here are the steps to reproduce this issue: Open a new incognito window Create a new throttling profile in the network tab with settings (1.…more
-
Introducing Digest Email
Tuesday, January 18, 2022
New notification mode In January 2022, we have released a new notification mode. It comes as an addition to our standard daily emails (one email per domain name) and weekly Slack digests. Once enabled, the Digest email mode replaces daily individual emails, compiling together expiration information for all domain names under your account. Here’s how to enable Digest emails: Navigate to the Notification preferences menu in your account In the Digest email section, select “Digest email” and click on “Update notification preferences” Digest email in Notification preferences Give it a try It is possible to receive a Digest email before deciding whether to switch to this notification mode.…more
-
Let's Encrypt Root Certificate Expiration
Wednesday, May 12, 2021
On September 30, 2021, the older root certificate of Let’s Encrypt will expire (the DST Root CA X3). Here’s what happens after that date: Older devices that do not receive software updates will not trust the certificates from Let’s Encrypt anymore (for example, iPhone 4). This is because such devices will not have the new root certificate installed with software updates (the ISRG Root X1) Modern devices already contain the new certificate, ISRG Root X1, in their list of root certificates.…more
-
Time to eliminate obsolete TLS protocol configurations – NSA
Monday, February 1, 2021
The National Security Agency (NSA) recommends replacing obsolete protocol configurations with ones that utilise strong encryption and authentication to protect sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.…more
-
HTTPS-only mode in Firefox 83
Sunday, December 13, 2020
In November, Mozilla introduced the HTTPS-only Mode, a brand-new security feature available in Firefox 83. Here’s what happens when you enable HTTPS-only Mode: Firefox attempts to establish fully secure connections to every website (even for the http:// addresses), and Firefox asks for your permission before connecting to a website that doesn’t support secure connections. More information available on the official blog of Mozilla.
-
Our New Homepage
Wednesday, October 21, 2020
At some point we have realised that our, then-current, homepage was far from optimal. It didn’t provide enough of clear, well-structured information about what is it that SSLreminder is doing. We decided to change that. Prototyping in progress Since we don’t have a full-blown team of front-end engineers and UI/UX designers, all the thinking, prototyping and implementation was done by our techies. (Spoiler: they did quite a good job over there, feel free to check it out here)…more
-
Digicert to Deprecate the OU Field
Sunday, September 27, 2020
Why is the OU field being removed? Oftentimes confusing, the OU field is intended to keep the information about Organizational Unit that the certificate is issued for. This field is mostly optional and there is no generally accepted validation rules for it. To reduce confusion around this field and improve validation times, Digicert is going to remove it from future ordering processes. How does this affect me? As a customer of Digicert you’ll notice the following changes:…more
-
Google Chrome Will Limit SSL/TLS Certificates to 1 Year of Validity
Monday, June 15, 2020
On the 10th of June a CA/Browser Forum representative informed through Twitter that as of September 1 2020 Google Chrome will start limiting SSL/TLS certificates validity period to 398 days, or a bit over 1 year. So what exactly does this change mean for a website owner or administrator? Since the maximum certificate validity will be cut in about half, the chance to miss extension date will simply become twice as big.…more
Keep the business running