31 Jul 2018
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.
With its recently released version 68, the Google Chrome browser introduced warnings on all web pages not using HTTPS. A “Not secure” label appears to the left of the URL for every page loaded over HTTP.
This step was announced in February, but it’s been expected for quite a while. Google aims to make HTTPS the default on the web and eventually wants to remove “positive” security indicators like the green lock.
Right now, the warning is still in its mildest versions. Future versions will likely contain a red warning sign, as Google has explained previously.
On the day Chrome enabled the warnings by default, security researchers Troy Hunt and Scott Helme started the Why No HTTPS? Project, which lists popular web pages that don’t default to HTTPS yet and also can show them sorted by country. The most popular page not defaulting to HTTPS is the Chinese search engine Baidu; the most popular non-Chinese page in the list is Twitter’s URL shortening service, t.co.
This subscription is just for the newsletter; we won't send you anything else.
Designed by Ivan Ristić, the author of SSL Labs, Bulletproof SSL and TLS, and Hardenize, our course covers everything you need to know to deploy secure servers and encrypted web applications.
Remote and trainer-led, with small classes and a choice of timezones.
Join over 1,500 students who have benefited from more than a decade of deep TLS and PKI expertise.