
On Wed, Jul 03, 2013 at 08:34:55PM -0700, Damian Menscher wrote:
On Wed, Jul 3, 2013 at 8:21 PM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Jeremy Chadwick" <jdc@koitsu.org>
I know exactly what you mean when you say "mixed-mode security" (for readers: accessing a site using HTTPS, but the URLs referenced within that site (for things like CSS, images, etc.) might use HTTP).
But what I don't know is where you've seen this. As in a step-by-step for where you commonly see it. Even if it varies, just make an itemised list of steps (from the point you hit http://twitter.com/ to wherever you see the issue) where you commonly see it.
Generally, anywhere I go on twitter's site (since it's AJAX now, there really isn't anywhere you "go"), it's https and it's not crossed out, as Chrome does to indicate mixed-mode.
As of tonight, I'm getting the "crossed-out https" indicator everywhere, even after a cache purge and a Ctrl-F5 reload.
This explains the meaning of the crossed-out https indicator: https://support.google.com/chrome/answer/95617?p=ui_security_indicator&rd=1
Interesting. From Jay's description (and my lack of familiarity with Chrome), I assumed what he was describing was what the above doc classified as the "warning" indicator ("The site uses SSL but Chrome has detected insecure content on the page").

The "crossed-out https" thing is defined vaguely/ambiguously (how convenient), but looks to be focused on either expired or incorrectly configured certs, or "mysteriously malevolent stuff". The latter made me laugh because, hey, let's not be specific at all, nobody needs to know.....

I've taken a look at the certs I get back (there's 3 involved; Verisign's primary CA, Verisign's extended validation CA, and the one for twitter.com) and I don't really see anything wrong with any of them. I verified the CN/CommonName looks correct (twitter.com), and that the validity range (e.g. expiry, before/after) is legit. I can dump them if need be, just let me know.

--
| Jeremy Chadwick                                   jdc@koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Making life hard for others since 1977.             PGP 4BD6C0CB |
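
Added example, not part of the original thread: one way to produce the itemised list asked for above is to scan the HTML of an HTTPS page for subresources (CSS, images, scripts) that resolve to plain http://. The hostnames and sample markup are constructed placeholders, and `<base href>` handling is left out as a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose URL the browser fetches as part of the page.
# <a href> is deliberately absent: a plain link is navigation, not page content.
FETCHING_ATTRS = [("script", "src"), ("img", "src"), ("iframe", "src"),
                  ("audio", "src"), ("video", "src"), ("source", "src"),
                  ("embed", "src"), ("object", "data")]
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line number, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        a = {name: value or "" for name, value in attrs}
        if tag == "link":
            rels = set(a.get("rel", "").lower().split())
            urls = [a["href"]] if "href" in a and rels & FETCHING_LINK_RELS else []
        else:
            urls = [a[attr] for t, attr in FETCHING_ATTRS if t == tag and attr in a]
        for raw in urls:
            # Relative and protocol-relative ("//host/x") URLs inherit the page scheme.
            resolved = urljoin(self.page_url, raw.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved))


def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page loaded over https."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not captured from any real site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://static.example.net/site.css">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<img src="http://img.example.net/avatar.png">
<img src="/local/logo.png">
<a href="http://example.org/">plain link, not a subresource</a>
</body></html>"""
```

A static scan like this only sees references present in the delivered HTML; resources requested later by scripts (the AJAX case mentioned in the thread) or by `url()` inside stylesheets need the browser's network panel or console warnings instead.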