Just download chrome

It's complicated.

Here's an article from last year:


Here are articles about what's going to happen later in this year:



For those of us who have managed SSL certificates for our company's websites, this is nothing new. Apple has been pushing for tighter standards, smaller windows for the lifetime of the certificates, and they want to be more restrictive on the certificate authorities (CAs) that issue them.

What is a certificate authority? It's an organization that will issue someone who owns a website (public, or private if it's internal to your company) an SSL certificate that will be 'trusted' by your browser. This is done via a cryptographic algorithms (some of which are now obsolete). On the phone, on the tablet, or on the laptop/PC, the SSL (or encrypted, or 'trusted' connection) will be allowed. Part of the security updates for most modern OSes include an update to the 'trusted' certificate authorities. Apple (and other larger companies) don't want those obsolete algorithms/ciphers anymore, because they can be broken.

Certificate authorities have been breached and compromised before, and this is generally disastrous. Imagine the certificate for https://www.bankofamerica.com being compromised (it's actually a chain of certificates, but that's another storry), but since your browser is 'trained' to trust it, you enter your username and password to pay your mortgage, and some hacker in another country now has your details. Or Etrade, or your local credit union, etc etc.

While it made my life harder, I generally agree with what Apple is trying to do, but I wish they wouldn't do it unilaterally. There are so many smaller operators (maybe your email provider is one), that can't spend the money to upgrade their certs. Or they don't have the personnel to do so. Also, getting a certificate cut from a CA does cost money, and the big boys and girls get discounts in bulk. I remember a specific outage at my company over 10 years ago, where the CA screwed something up. Fifty people joined the outage call, and lawyers and paralegals were called in at the end when we corrected the issue. A question was asked, legally, about how much recourse our company had against the CA. $13/yr is what we paid for the certificate.

TDLR; Download Chrome. You can ignore the certificate warnings, but be very careful when logging into important things.

Another problem that I've dealt with. We've run the numbers on what our clients connect with (Phone/PC/tablet/browsers), and it seems some of them haven't seen a security update in years (like more than five). We can look at the SSL handshakes in our logs to determine what ciphers and algorithms the clients are using. So when Apple or Google says you can't use a 'style' of cert, our business folks run the numbers on how much we would lose by shutting those customers off. Yes, it sucks, but if our clients on IOS and Android devices couldn't connect, it would be even worse in terms of business impact. So there are large projects spun up at the business level to protect these customers, but at a technical level it's a losing fight.

i'm trying to avoid google but if that's the only way to connect to the sites i frequently go, then so be it. but i'll try others first. thank you for the suggestion.

i'm mostly lost! thanks for the articles though. at least it gave me a liitle idea on what's going on. i wonder if i use firefox and some of the name listed in one of the articles, i might get lucky that one of them is trusted so that i can get in to the websites i'm trying to visit?

I haven't used Firefox in over a decade, when it was last 'good.' IIRC, Firefox and Chrome at least give you the option to ignore the security warnings. Safari doesn't do that anymore.

^^^ that's good to know and might be a work around to access the forbidden sites.

Firefox with their latest rework got back to basics and really speed things up again. I'd say it competes with chrome now.

If you have some problem with Google there are several browsers based on chrome which don't have the extra Google parts. Chromium is a good example. Some people like Brave. Even Microsoft's latest browser is using the chrome rendering engine now. In a sense so was Safari as they are all ultimately based on khtml. One advantage of going with a browser based on chrome is most will fib to the webserver and just declare themself chrome which means there is very rarely any compatibility uses.

I've been using Firefox since early Beta...
They had a few versions that were stuck on stupid, but for the most part Firefox rawks.

Firefox works on Win, Linux, & Android (Linux Based), but there are also variants such as Iceweasel which are derivatives of Firefox with less bloat, as I understand it.

Not sure if you can get it for iPhruity devices like iPhones and Macs, as I don't waste extra money on those just to verify, but I assume one can...

FIFY!

I don't think Safari's been updated this century, and beer gOOgles is the electronic anti-Christ.

thank you thank you thank you all. i'm using firefox now and i'm able to go to the "forbidden" sites.

Good choice, Firefox. It's probably the most standards-compliant major Web browser out there, it's fast (now), and the NoScript plugin is available for it (heck yeah!).

^^^ couldn't be happier! everything is peachy now and faster it seems.