Chrome starts blocking web sites using HTTPS over SSL3

It would seem some organisations still haven’t got the message on SSL vulnerabilities, even one with a publicity-friendly name like Poodle.

For instance, Swinburne University of Technology, which is actually one of Australia’s better universities to learn computer science, has its student portal still trying to use SSL 3.

MySwinburne SSL error

My son was trying to figure out why he couldn’t connect with Chrome. Only by clicking for details do you get the slightly cryptic error: “ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION”

It turns out Chrome has disabled fallback to SSL3. For now you can override it (though it’s easier for now just to use another browser), but soon it’ll be disabled completely. Site owners will need to make sure their servers support TLS instead.

They’ve also started giving a warning on SHA-1 certificates — no more green logo; it’s gone yellow, with a warning: “This site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.” Again, it’s up to site owners to resolve this, by updating their certificates.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Leave a Reply

Your email address will not be published.