[BartSimpson]

Just passing this along that the upcoming version 68 of Google Chrome will tell users when they click on an HTTP site that is "Not secure".

For us beta testers it looks like this:

[bootlegga]

I've been seeing that for the past year at least.

[BartSimpson]

A source I can't cite says that sometime next year the major browsers will stop allowing connections to HTTP sites.

It's about time.

[Freakinoldguy]

BartSimpson wrote:

A source I can't cite says that sometime next year the major browsers will stop allowing connections to HTTP sites.

It's about time.

So will they still allow the HTTP"S" sites or is this a blanket ban?

https://arstechnica.com/information-tec ... -using-it/

[herbie]

Nah it's a concerted scam to milk every domain owner for money.
I own oodles of domains, none sell. Only one allows you to register and post. GoDaddy would love to milk me $100 per domain per year, so much so they phone twice a week from 32 different numbers.
Used to get my own site certificates when I built the servers, now the hosts make it as difficult as possible and they need to be renewed every 3 months.

[BartSimpson]

Freakinoldguy wrote:

BartSimpson wrote:

A source I can't cite says that sometime next year the major browsers will stop allowing connections to HTTP sites.

It's about time.

So will they still allow the HTTP"S" sites or is this a blanket ban?

https://arstechnica.com/information-tec ... -using-it/

Just my impression of it is that the Feds are telling the net firms that if they independently ban HTTP sites then the Feds will have their back if anyone complains about it.

So not exactly a regulation but more a wink and a nod that the net firms can do something that they've long wanted to do.

Just myself, but I'm okay with it because it'll make HTTPS more widespread and more affordable.

[DrCaleb]

Firefox has been putting up a warning if you try to connect to an improperly (self signed) page for months now.

herbie wrote:

Nah it's a concerted scam to milk every domain owner for money.
I own oodles of domains, none sell. Only one allows you to register and post. GoDaddy would love to milk me $100 per domain per year, so much so they phone twice a week from 32 different numbers.
Used to get my own site certificates when I built the servers, now the hosts make it as difficult as possible and they need to be renewed every 3 months.

Or, you can get a free certificate.

https://letsencrypt.org/

[herbie]

That's what I'm using.
Don't forget, if your bookmark is set to www.domain.com it will continue to show the warning. I have to actually enter https://www.mydomain.com for it to show secure info w letsencrypt cert.