According to a post on the Google Online Security Blog, beginning in January 2017 Google Chrome will begin flagging all sites that use traditional HTTP rather than HTTPS for passwords or other sensitive information as "insecure". It also indicates that Google plans to eventually start flagging ALL traditional HTTP-only sites as "insecure". While HTTPS has always made sense for truly sensitive information, a pure HTTPS web does have implications for legacy tools - essentially if anyone is not using the absolute latest of one of the "big three" web browsers, they will always potentially be just one security update away from being locked out of the web.
(Score: 3, Informative) by Gravis on Sunday September 11 2016, @07:00PM
this is a very naive view of TLS. what it fails to mention is...
(Score: 1, Informative) by Anonymous Coward on Sunday September 11 2016, @09:21PM
so that even if your program is out of date, your security is still up to date
Or like my grandparents router that has not seen an update for 3 years? or my cablemodem that has not seen an update for 2.
But at least my browser is probably secure!
(Score: 3, Insightful) by shortscreen on Monday September 12 2016, @09:04AM
On the last version of real Opera (12.whatever) I am starting to see sites that refuse to connect. "Fatal Error: Unable to Establish Secure Connection." I assume this has something to do with the HTTPS fad.
(Score: 3, Interesting) by Aiwendil on Monday September 12 2016, @05:18PM
I'm stuck at bith the rock and the hard place..
Both in that O12 refuses any letsencrypt-certs ansĀ“d that some of my old routers still using ssl old enough (only inside a lan) that it requires me to tell firefox to violate security in order to use it..
So basically I'm at the point of needing four browsers just in order to surf..