Recently Google announces some changes to Chrome, which begins from January 2017 with (Chrome 56). Chrome currently indicates HTTP connections with a indifferent indicator. Which doesn’t reflect true lack of security for HTTP connections.
Now Chrome use icon flag to shown un-encrypted instances.As of now the icon is available in Google chrome, we can enable it by visiting chrome://flags, scroll down to “mark non-secure as,” and select “mark non-secure origins as non-secure.”
Above are the chances of seeing, what our browsers do in the screens above in 2017 is near zero.
Thresholds measures with ratios of user interaction on secure origins vs. non-secure.
-
Secure > 65%: Non-secure origins marked as Dubious
-
Secure > 75%: Non-secure origins marked as Non-secure
-
Secure > 85%: Secure origins unmarked
FAQ
Will this break plain HTTP sites?
No. HTTP sites will continue to work; we currently have no plans to block them in Chrome. All that will change is the security indicator(s).
Isn’t SSL/TLS slow?
Not really (for almost all sites, if they are following good practices).
What about test servers/self-signed certificates?
Hopefully, free/simple certificate setup will be able to help people who had previously considered it inconvenient. Also note that localhost is considered secure, even without HTTPS.
As mentioned above, plain HTTP will continue to work.
Pingback: PCI DSS Publishes Best practices for securing E-commerce Websites - 2017 - GBHackers On Security()
Pingback: Gmail no longer for Windows XP and Windows Vista Users on Chrome - GBHackers On Security()