chrome 63 ftp not secure

FTP sites will be marked Not Secure from Google Chrome 63

FTP sites will be marked as Not Secure with the release of Google Chrome 63 in December 2017

chrome 63 ftp sites not secure

Thats the direction of the discussion at https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ

Although there have been plans to remove FTP support altogether, for now FTP sites will only be marked as Not Secure.

About FTP

FTP, or File Transfer Protocol, used with ftp:// requests is a decades-old network protocol that is used to transfer files between clients and servers. FTP does not encrypt traffic by default, making it susceptible to interception and manipulation by eavesdropping third parties.

FTP can be secured using an SSL/TLS, which in turn creates FTPS. Unfortunately, FTPS is not a widely-supported feature on most browsers, including Chrome, due to its low usage rate.

What are FTP sites?

FTP sites are locations from where you can use your browser to download large files such as the latest Linux OS distribution, or third-party softwares for your operating system.

However, since in time most software distribution services have moved to HTTPS download, and it is suggested the rest do the same.

 

SSL Certificate HTTPS browser display

HTTP To HTTPS In 15 Minutes For getSSL.in Customers

SSL Certificate HTTPS browser display

Now you can enable HTTPS access for your website in 15 minutes flat!

The team at getSSL by iWebz℠ (www.getssl.in) has just introduced a completely automated order process for new SSL/TLS certificate orders.

The File-based and CNAME-based domain validations are also now available in addition to the Email-based method.

Certificate files can be downloaded in ZIP format immediately after the Domain Validation step is completed.

As a result of this development the following steps can now be completed in just a few minutes:

  • Online Order Payment - typically 2-3 minutes
  • Certificate Enrollment with CSR - typically 4-5 minutes
  • Domain Validation (DV) check - typically within 4-5 minutes of Email validation (recommended)/1 hour of File validation/4 hours of CNAME validation
  • Certificate Files Download - immediately available after DV check is successful

Thats not all... Certificates can now be re-issued within minutes as well!

The certificate re-issue process will include a DV check if a new CSR is submitted, otherwise certificates will be re-issued and available for download within 5 minutes.

You can also request for certificates to be re-issued unlimited number of times before expiry of the certificate.

With the new order process we will provide the following benefits:

  • Fully online order process lets you control the speed of certificate generation.
  • Certificates can be downloaded within minutes of placing the order.
  • Certificate order status can now be tracked in real-time.
  • Certificate files can be downloaded on-demand any number of times.
  • Unlimited certificate re-issues on-demand within validity.
  • Lowest prices in India for Comodo, RapidSSL, Thawte, and GeoTrust certificates.
  • Payment accepted via Cards, Net Banking, UPI, and Digital Wallets.

Place an order for a Free SSL certificate* to practise certificate generation & installation, and try out the experience of ordering via getSSL.

Order Free SSL Certificate

*The Free SSL certificate is issued by RapidSSL and is issued only once per domain name.

 

broken https connection

GlobalSign Certificates Un-Trusted

GlobalSign Certificates Revoked

Users around the world have had trouble accessing some HTTPS-based websites due to a certificate revocation testing error at GlobalSign. Websites affected included those of the Financial Times, Guardian, Wikipedia, and Dropbox.

Most sites these days are installing SSL/TLS certificates to benefit from various options afforded by HTTPS connections. However, websites secured by GlobalSign had the opposite experience thanks to a goof-up by the Certificate Authority.

globalsign error shows wikipedia insecure

The Goof-up...

GlobalSign inadvertently triggered the revocation of its intermediary certificates while updating a special cross-certificate. The revocation of such a certificate was interpreted by some browsers and systems also as a revocation of the intermediate certificates that chained back to it. This broke the chain of trust and ultimately canceled SSL/TLS certificates issued to it's customers.

It could take until the beginning of next week for the accidentally revoked certificates to be corrected, leaving visitors unable to easily read their favorite webpages. Sales at affected e-commerce websites using GlobalSign SSL/TLS certificates will also be badly impacted.

Are you affected?

The problem will not hit everyone due to the wide range of caching and revocation policies employed by different browsers, apps and other software. If your mobile app or web browser hasn't picked up the revocation yet, it should be fine.

GlobalSign has released a full incident report to provide full disclosure on the Certificate Revocation Issue.

Our SSL certificate deals start as low as $6.00 per year!!

Due to our large-scale sourcing relationship from top global SSL brands such as COMODO, RapidSSL, GeoTrust and Thawte, you get the best SSL certificates at the best prices!

All certificates purchased via iWebz will have the best SHA2 256-bit security encryption with 2048-bit key length, and also improve your website's Google search result ranking.

getstarted_b

Visit our SSL Certificate store

SSL Certificate Product Recommendations

HTTP websites to be discouraged in Google Chrome

Not Secure indicator for HTTP websites in Google Chrome

The release of Google Chrome 53 saw the first phase implemented in Google's long-term vision of HTTPS becoming an Internet standard. This comes on the back of a major milestone noted via Chrome browser usage.

More than half of Chrome desktop page loads are now served over HTTPS.

Not Secure treatment for HTTP

For now, Chrome is marking all non-secure sites with an information radial that further explains a website has no encryption. This will go a step further starting in January of 2017 for websites with password or credit card fields.

chrome treatment of HTTP pages as not secure

Eventually, every single website without SSL will have a red warning symbol with "Not Secure" next to it within the Chrome environment.

HTTP websites not secure in Google Chrome

Click the link to hear it straight from Google.