The connection to this site is not fully secure

Hello Guys, 

Anyone noticed that the Tek's website is now showing up as not being fully secure on Firefox, specificly version 36.0?  (Vannila install - no Addons)

 

It seems to be problem with firefox as I seem to be getting the problem now on my own site :(.  Tested on three machines.

Is it to do with this change:

http://www.pcworld.com/article/2877672/the-end-for-1024bit-ssl-certificates-is-near-mozilla-kills-a-few-more.html

My Site is currently being hosted by Blue host - does anyone know a fix to this problem or anyone else experiancing this problem?

Cheers

You are not talking about "Mixed Content" (HTTP and HTTPS Content on the same site), right?

On my site - there is no mixed content - it passes https://www.whynopadlock.com/ tests but it was failing to get the padlock.

My host - suggested adding this to fix my problem:

#Added by Bluehost 2/28/2015 to disable RC4 cipher
SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+SSLv2:+EXP

Once added it corrected the problem,  but it only came in with Firefox version 36.0  (no PC voodoo going on).

 

1 Like

There might be AJAX content loading afterward that is not encrypted. That's why it may pass that online test. It probably doesn't run the page's scripts.

You could also try https://www.ssllabs.com/ssltest/

As mentioned - Blue host resolved my issue - but I throught it was interesting as this site(not forum) suffered from the same problem with the new FF update. I dont know if there further changes to teksyndicates site recently or whether new FF update as eradicated the problem.

Note that it was only happening on FF, chrome and others are fine.

1 Like

Hi Gandalf

I am having exactly the same issue with Bluehost.

Is your fix something they need to do or is it a user fix?

Any help would be most appreciated as this is driving me crazy and costing me lots.

Thanks

Conrad

Not even able to log in through Chrome at the moment due to the unsafe scripts not being loaded and thus the log in handshake not properly coming through.

I see that this a little old, but I noticed the warning in Chrome today about unsafe scripts on the main site and the forums. I was able to log in and the warning went away after logging in, but the fact stands that there still seems to be a problem. (Which is why I clicked this thread when I saw it)

tip: use // in url instead of http:// or https:// for everything

ex: src="//google.com/idontevenknow/somescript.js"

@Conrad

Sorry for the delay in replying - my issue was due to an old version of the security cert being cached in the browser and needing to delete the cert cache. I think it may of also been that the cert hadn't been setup correctly on blue hosts end.