0

I know there is a similar post, but I thought this one is different because I do not get this consistently, the message and icon are different. Please compare the message with that of the so-called "duplicated" question, so you can see the difference. Any light shed on this will be appreciated.

Chrome shows the following:

enter image description here

Hong
  • 103
  • 3
  • It's probably because SHA1 and TLS1.0 are deprecated, SHA-256 and TLS1.2 are considered the current standards. – Mike Ounsworth May 08 '15 at 15:07
  • 2
    @raz Hong specifically pointed out the similarity and differences of his question in his post. He wants to know why he gets this occasionally as opposed to everytime and I don't see an answer for that on the linked post. – amccormack May 08 '15 at 15:07
  • @Hong When you say "get consistently", you do mean connections to the same site, correct? Same domain (including subdomain) and always using HTTPS? – amccormack May 08 '15 at 15:08
  • Yes, I was talking about the same site that I manage. I have not noticed this with other websites, but this does not mean it has not happened. I noticed this with my website because I pay much more attention to it than others. The message is bit confusing. It also talks about mixed contents. I am wondering if Chrome has messed up the message. – Hong May 08 '15 at 15:56

1 Answers1

1

There are two pieces of information in the message:

  1. The site has outdated encryption. The site is probably using something less than TLS 1.2. You should probably fix it but not a big deal.
  2. The page is loading an insecure component. This can be 3rd-party widgets, ads, analytic code, social bookmark buttons, etc...

I'm guessing that you only get the message when both are true. I'm also assuming that you haven't run into a Chrome bug.

The intermittent nature makes me think that you have some JavaScript on the page that is dynamically choosing what URL to insert into the page. Sometimes this URL uses HTTPS, other times it uses HTTP. You get the error message when it's HTTP. This JavaScript can be in your page or one of the components that your page uses.

Please post when you find an answer. This is a fun one.

Neil Smithline
  • 14,702
  • 4
  • 38
  • 55
  • Thank you for trying to help out here. What relatively new is the share button bar from AddThis.com, but I am not 100% sure this issue started to occur after I added the bar. I am experiencing this again at this moment wit Chrome running on Windows 8.1. – Hong May 08 '15 at 18:49
  • You can install [netmon](https://www.microsoft.com/en-us/download/details.aspx?id=4865) and see if you can catch the HTTP URL that gets opened. You probably will be able to figure out what is going on from that. – Neil Smithline May 08 '15 at 19:35
  • It have changed an HTTP link to HTTPS, and this seems to have remedied the problem. I will come back tomorrow and report with more certainty. – Hong May 08 '15 at 20:25
  • I am confident now that the problem has been fixed. I think it has to do with No.2, and has nothing to do with No.1 because the only thing that I did to fix it is replacing a few HTTP links with corresponding HTTPS links. The website has a modern certificate. I may need to retract my statement regarding it happened intermittently. It happened with only some pages, but not with others. I probably mistook it as happenign intermittently. – Hong May 10 '15 at 00:44