Jump to content

Your connection is not private

Mads

By Mads
in Site Feedback & Support

Recommended Posts

JKSH Enthusiast

JKSH

Posted
Posted
24 minutes ago, Mads said:

Chrome is complaining about the security of lavag.org. It has an invalid certificate (encrypted with an outdated cipher)....

Weird. I'm using Chrome (version 49.0.2623.112), and it's telling me that my connection is private. What is the supposedly outdated cipher?

Link to comment
Michael Aivaliotis Contributor

Michael Aivaliotis

Posted
Posted

Well, see Google is starting to do this because they want to "fix the web". There is nothing seriously broken with LAVA. it's as @ShaunR points out. Less secure because of the outdated TLS 1.0. The problem lies with the web server OS that LAVA runs on. So it's nothing I can quickly fix with my intervention.

However, I'm aware of the situation. It's on my mind. I'm trying to figure out what modules and software layers need to change on the server, who can make the change, and how much will it cost me.

So what we have is better than no https. But definitely not up to snuff.

Link to comment
ShaunR Proficient

ShaunR

Posted
Posted (edited)
11 hours ago, Michael Aivaliotis said:

Well, see Google is starting to do this because they want to "fix the web". There is nothing seriously broken with LAVA. it's as @ShaunR points out. Less secure because of the outdated TLS 1.0. The problem lies with the web server OS that LAVA runs on. So it's nothing I can quickly fix with my intervention.

However, I'm aware of the situation. It's on my mind. I'm trying to figure out what modules and software layers need to change on the server, who can make the change, and how much will it cost me.

So what we have is better than no https. But definitely not up to snuff.

Centos5 by any chance?

This issue is (or at least TLS unable to support greater than 1.0 in Centos5) is the reason I have not moved to TLS on lvs-tools.co.uk yet even though I have the certificate.

The problem is that it trains users to ignore privacy and security warnings.. When they are compromised for real, they just carry on without questioning instead of not visiting the suspect site and certainly not putting in user names and passwords..I'm sure there is a proper name for this conditioning but it is the same (but with possibly greater consequences) than T&C dialogues.

Edited by ShaunR
Link to comment
  • 1 month later...
Tony Tran Newbie

Tony Tran

Posted
Posted (edited)

I have faced this issue before, but sometimes, it's a fault from your device, not really from the server or the SSL certificate itself. I realized if the date and time of the device are invalid, it can lead to this error. Or if some application block the SSL connection, this error message will show up. So make sure to check the date and time of your device first. In the next step, temporarily disable/turn off any antivirus software to verify the issue.

Source: https://bytebitebit.com/687/your-connection-is-not-private/

Edited by Tony Tran
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept