PK Website

[Emulator]

I notice that the symbols on this webpage upper left corner indicate that the connection is not secure. What do the experts say?

 

[stratman]

I've already PM'ed Nifty about this. Awaiting a reply.

Last time this happened it was about "unsecure" emoticons on the page, IIRC.

 

[Emulator]

The significance of this is not to be dismissed lightly, best described in the following:-
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

 

[Redbrickman]

A whynopadlock.com test shows...


"You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018."

This error is fairly common on a lot of websites at the moment when tested. No other errors were identified on the test.

Over to Nifty who I am sure will have the answer

 

[stratman]

https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/

Mixed content blocking was FireFox's answer back in version 23. Since version 55, Firefox allows mixed secure content so as not to break a web page and is the reason for the following security alert in the address window of Firefox browsers when viewing pages of this forum. (black padlock with superimposed yellow triangle)

The explanation from this link:

When a user visits a page served over HTTPS, their connection with the web server is encrypted with TLS and is therefore safeguarded from most sniffers and man-in-the-middle attacks. An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers. That leaves the pages unsafe.

How to diagnose (eg use an HTTPS checker) and fix this issue (make the remnant HTTP content requests from HTTPS content) are found in the link above.

 

[The Hat]

It’s all a Firefox in a Tea Cup, relax guys the cavalry are coming..

 

[SkedAddled]

I see no flags of insecurity with updated Chrome on Win7x64.

 

[stratman]

I see no flags of insecurity with updated Chrome on Win7x64.

Probably because Chrome is written to ignore this mixed secure content event. Netscape shows you the warning.

MS Edge shows no mixed content warning, but, the forum is "only" a grey lock and not a green lock leaving us to wonder if Rob is really Nifty.

... a grey lock means that the website is encrypted and verified, a green lock means that Microsoft Edge considers the website more likely to be authentic. That’s because it’s using an Extended Validation (EV) certificate, which requires a more rigorous identity verification process.

 

[Emulator]

This explains some of the differences:-

https://developer.mozilla.org/en-US...content/How_to_fix_website_with_mixed_content

 

[The Hat]

I switched to using Firefox a short while ago because Explorer was getting a bit aged and was having a few problems on some websites, but now all my issues have been sorted.

Here is a Pic of the two Apps together Firefox on top and Explorer on bottom, notice how Explorer doesn’t see any problems with the PK web address..