This site can’t provide a secure connection



  • Some kit I have to use is "a tad old", and when I try to access it, I just get this message "This site can’t provide a secure connection" with no option to continue. I can understand offering a warning when the site only uses and old (and insecure) encryption method - but I still [b]NEED[/b] to use this site. It's kit about 10 feet from my desk, on my own network, and it does not have a non-SSL option. As I work in IT, this is actually fairly common, we have various bits of legacy kit that we need to work with - and it's well past "annoying" when the tools (Java is another one) simply turn round and tell you "No way, that's not secure" when it's something I [b]NEED[/b] to do. And no, upgrades for the kit are not available. A secondary issue, is where it's a certificate issue, am I missing something or is there no option to say "please remember this certificate and don't warn me again" ? This is the norm with things like customer routers were even if we could upload a valid cert, it's really not worthwhile for something we might not access again for a few years !


  • Moderator

    The problem seems to be the cipher for SSL on your kit? Or is it a unknown, self signed certificate?

    Perhaps you cant start Vivaldi with some insecure settings, that helped on my old router months before.

    !!!! Warning !!!!

    !
    !!!! Warning !!!! Warning !!!! Warning !!!! Warning !!!!
    Only for use with the kit in your LAN with unsafe ciphers
    Start it from shell with arguments:
    –args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013

    Dont visit any other sites with these insecure settings! in Web with such insecure SSL could be cracked and logins stolen.



  • @Gwen-Dragon:

    The problem seems to be the cipher for SSL on your kit? Or is it a unknown, self signed certificate?

    Both I suspect - I know the cert is self signed, but normally that's a case of getting a popup that the identity can't be verified etc and I can carry on. This is different - no option to carry on.

    Checking the site cert in Safari, it says the Signature Algorithm is SHA-1 with RSA Encryption

    Perhaps you cant start Vivaldi with some insecure settings, that helped on my old router months before.

    Dont visit any other sites with these insecure settings! in Web with such insecure SSL could be cracked and logins stolen.

    The problem there it just how much of a PITA is is to quit the browser, typically when I've got a load of other windows open, and then quit and relaunch later. Much much easier to just use another browser that "actually works".


  • Moderator

    Does Chromium parameter –ignore-certificate-errors work?

    Sorry, but i cant do more for you.



  • Well I don't have Chrome installed and don't intend installing it.
    On the upside, I've now found out how to pass command line args to a Mac application :)

    EDIT: But really, the issue comes down to a general message to the devs, it just isn't acceptable to declare <something>as insecure and not allowed when there are legitimate cases where that something is needed. Put up warnings, and even "are you really really sure" second warnings perhaps - but don't just block it and pretend it doesn't exist.</something>


  • Moderator

    The Chromium parameter was meant for Vivaldi ;) Vivaldi can handle chrome:// URLs and Chromium parameters.

    Dont blame the Vivaldi devs, they did not implement the security for SSL, thats a problem of Chromium coders.

    Can you export the cert of your kit and import cert as into certificate store of mac user keychain? That should help.
    https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/security.1.html
    https://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates-to-system-keychain/



  • @Gwen-Dragon:

    The Chromium parameter was meant for Vivaldi ;) Vivaldi can handle chrome:// URLs and Chromium parameters.

    Ah, I see. I'll have to try it when I'm in a mood for closing all the session I have open.

    Dont blame the Vivaldi devs, they did not implement the security for SSL, thats a problem of Chromium coders.

    Ah, I hadn't realised it was the Chrome engine - that explains it since they've gone down the route of "Security trumps needs" since it would seem some people live in an ideal world where every server is capable of being updated. I've found a few threads describing exactly the same problem.
    Guess I'll just have to use a browser (built on an engine) that works ;)

    https://productforums.google.com/forum/#!topic/chrome/exlnC6aoHZY
    https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/F6ZjP6FnyRE/bK7TKtvnHYsJ

    I could live with nag messages to have to click through each time - I doubt if web sites would get away with telling users to keep ignoring security warnings for long.


  • Moderator

    I agree, there is a lack of overriding such security warnings and go on to webpage as it was in old Opera 12 or Firefox.
    I miss this.
    But i dont think it is easy to implement this by Vivaldi Technologies as they are small company and have less time ressources than Google, Opera or big Chromium community.
    But your wish for overrding such blockings by SSL/cert security was reported as feature wish by me months ago. So lets wait ;)


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.