Page 1 of 1

Member Facilities Apparent HTTPS Error

Posted: Thu Mar 19, 2015 11:55 pm
by csouter
Hi, all!

In the last few days, the "https://" Padlock icon for the Member Facilities in Google Chrome has been showing as crossed out.

Clicking on the icon produces a report which states, among other things that the connection is encrypted with obsolete cryptography.

I tried to attach a screenshot of the report, but I got an error message: "Sorry, the board attachment quota has been reached."

Could someone please investigate and report back ASAP?

Could someone also please explain what the board attachment quota is, and how I could have reached it? (I don't remember ever having uploaded any attachments before).

Re: Member Facilities Apparent HTTPS Error

Posted: Fri Apr 17, 2015 8:49 am
by kookaburra2
At http://www.itcs.umich.edu/web/chrome41.php it says: "Sometime in Spring 2015, Google Chrome version 42 (available in beta as of March 2015) is expected to be released. This version of Chrome flags as insecure sites with SSL (Secure Sockets Layer) certificates that use SHA-1 instead of SHA-2."
Chrome version 42 was released a few days ago.
Exetel: Are you using SHA-1 still?

Re: Member Facilities Apparent HTTPS Error

Posted: Fri Apr 17, 2015 12:08 pm
by Dazzled
You can read the whole connection certificate data using openssl s_client if you have it installed. Use the -showcerts argument.

If you are only interested in ssl3, use -ssl3. You will get a handshake failure message.