New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 690060 link

Starred by 3 users
Status: WontFix
Owner:
mkwst@chromium.org
Buried. Ping if important.
Closed: Nov 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug


Show other hotlists

Hotlists containing this issue:
EnamelAndFriendsFixIt


Sign in to add a comment

Non-secure https sites will not now load

Reported by benjill...@gmail.com, Feb 8 2017 
UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Example URL:
Your connection is not private

Steps to reproduce the problem:
1. Go to any https site that is insecure (we have  sites that are like this)
2. There is no way to see the content
3. I accessed these sites perfectly fine before the Tuesday update.

What is the expected behavior?
The site would load

What went wrong?
The page showing the message "Your connection is not private" is displayed.

Does it occur on multiple sites: Yes

Is it a problem with a plugin? No 

Did this work before? N/A 

Does this work in other browsers? Yes

Chrome version: 56.0.2924.87  Channel: stable
OS Version: 6.3
Flash Version: Shockwave Flash 24.0 r0

Comment 1 by ligim...@chromium.org, Feb 8 2017

Labels: Needs-Triage-M56

Comment 2 by kochi@chromium.org, Feb 9 2017

Components: -Blink Blink>SecurityFeature
I guess this is working as expected.

Can someone confirm this is expected?

Comment 3 by benjill...@gmail.com, Feb 9 2017 

It wasn't the same behavior previously.
Previously, the site would load.
Which isn't to say it was right before/or now.
A related insecure message would allow the user to select 'proceed' anyway - although not with this particular insecure https. We would see that with domains that redirect to a firewall before allowing access (I don't know the specific name for this type of redirect) but the resulting warning from Google would explain there was a problem 'do you want to proceed anyway'.

Comment 4 by mkwst@chromium.org, Feb 14 2017

Labels: Needs-Feedback
I don't really understand what you mean by "site that is insecure". Can you give us a little more detail about what's going on? Is the site's certificate signed using SHA-1, for instance? If you open the console, you should get some relevant detail.

In general, we're constantly ratcheting up our protections against various kinds of badness on the web. If you have known-insecure sites, you shouldn't be too terribly surprised when Chrome updates start surfacing that insecurity.

Comment 5 by mkwst@chromium.org, Feb 14 2017

Owner: mkwst@chromium.org

Comment 6 by mkwst@chromium.org, Feb 23 2017

Status: Assigned (was: Unconfirmed)

Comment 7 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 8 by elawrence@chromium.org, Nov 10 2017

Status: WontFix (was: Assigned)
There's no actionable information here and no followup for 9 months. If you are still encountering problems, please open a new issue.

Sign in to add a comment