Google Chrome will start flagging all http pages as “unsecured” with the release of Chrome 68 in July 2018

    After 5 months, the current version of the world's most popular browser will add the text " Not secure" in the address bar of all pages that do not open via https. Details and a survey under the cut.


    image


    Google Security Blog has published news about the next stage of forcing the transition to https. Let's recall the two previous steps. You can also read about them on the official website of the Chromium project.


    In January 2017, a warning appeared on all pages with a password or card number. About it there were posts on Habré and Geektimes .


    Since October 2017, a warning occurs when entering data already on any fields of the page, as well as for all pages opened in incognito mode. Post on Geektimes .


    And from July 2018, absolutely all http pages will be marked as "not protected." You can already see how your http site will look for visitors - just open it in incognito mode (Ctrl + Shift + N).


    Example - http://example.com/


    image


    The final stage (until it is announced when) will be such a red icon.


    image


    One of Google’s main arguments in defense of this policy is the Let's Encrypt project . Let's Encrypt (by the way, one of the Linux Foundation projects ) issues TLS certificates for use in production for free. You can get it either manually at https://www.sslforfree.com/ , or automate the verification and reissue process thanks to the open ACME protocol. Among its many client implementations for different web servers and environments, the officially recommended client is CertBot (which is developed by the Electronic Frontier Foundation (EFF) ). From the good news - on February 27, 2018 they will start issuing a wildcardcertificates, which many were waiting for.


    I also add that the Chromium project also offers to see how the browser react to certain problems with https on a special site https://badssl.com .

    Only registered users can participate in the survey. Please come in.

    What do you think of the fact that Google Chrome forces the transition to https in a similar way?

    • 48.2% I fully support 240
    • 21.1% I support, but they do it too hard 105
    • 7.6% It makes no difference to me 38
    • 22.9% I do not support, they should not force the transition to https 114

    Have all your sites switched to https?

    • 37.2% Yes, all sites use only https 142
    • 22.8% Only part of the sites, but we plan to translate all 87
    • 20.7% Only part of the sites, and do not plan to translate all 79 yet
    • 6.5% We don’t use https at all, but we plan a universal transition 25
    • 12.5% ​​We don’t use https at all, and we don’t plan a transition yet 48

    How do you or your project feel about Let's Encrypt certificates?

    • 44.2% We use everywhere only Let's Encrypt 159
    • 20.8% We use only on some sites 75
    • 12.2% We do not use, but plan to use 44
    • 5.2% We have EV (Extended Validation) certificate 19
    • 6.9% We do not trust, and we will continue to buy certificates for money 25
    • 10.3% We do not use https 37

    Also popular now: