Hacker News new | past | comments | ask | show | jobs | submit login

It's frustrating that Chrome and Firefox don't give any details about why the connection to an insecure site fails. You just get a "connection reset" page in Chrome, and a generic SSL security error in Firefox.

I was deploying a virtual appliance and was baffled as to why I was unable to load the configuration web page from both Chrome and Firefox, until I visited the vendors web page and downloaded a hotfix that removed the SHA-1 certificate. This was an appliance released in 2015. It's a shame that the software vendor is releasing insecure virtual appliances, but it's also a shame that Google and Mozilla can't get their act together enough to display an informative error message.

How about "The site you are attempting to visit uses weak cryptographic algorithms, so the connection has been blocked."

And, please give advanced users a way to click through anyway. If this is a virtual appliance I'm deploying in an isolated network and I'm trying to access the administrative page, I should be allowed to get there, without some nanny state browser manufacturer determining that my crypto isn't safe enough.




> And, please give advanced users a way to click through anyway.

This already exists, and you can find it by reading through the source of Chromium.


Hmm, when Firefox errors for me it shows why. The usual reason is an expired certificate or a certificate for different domain.


It would have nothing to do with the cert being SHA1.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: