HTTPS Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/https/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

“Your Connection is Not Private” Error — Fix Guide
https://gridinsoft.com/blogs/your-connection-is-not-private-error-fix/
Tue, 06 Dec 2022 22:04:52 +0000

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

When accessing a website in Chrome, an error message can pop up stating that your connection is not private. This indicates that the browser has failed to meet the security requirements.

If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to verify the safety of the site. Visiting an unsafe or insecure website could expose your personal information to potential risks. Each time you open a site, the browser checks the security certificate to ensure the site will protect your privacy. If the certificate is invalid, expired or absent, that is a potential threat to your privacy.

Why does “Connection Not Private, Google” appear?

Websites protect your data with SSL/TLS encryption. Certificates act as assurance that the site really encrypts the data and uses proper technology for this purpose. If a user’s browser doesn’t recognize the certificate, the error “Google, Your connection is not private” appears. This error occurs because many websites that use SSL require security over HTTP (HTTPS).


There are numerous reasons why a website’s SSL certificate can’t be verified. One possibility is that it has been tampered with and isn’t functioning as intended. Alternatively, the certificate might have expired or be missing altogether. In any case, the webmaster must correct any error on their site in order to verify it. Even though the steps for each browser are similar, sometimes your device or browser settings might be malfunctioning and unable to connect to the website you’re trying to access. You can usually fix this yourself by following the same process for all browsers.

What the “Your connection is not private” message looks like in any browser other than Chrome.

Each browser displays the “Your connection is not private” message differently. Some even tweak the warning to read, “Your connection is not secure.” Others provide error codes to help you troubleshoot. Most throw up literal warning signs. Here’s what you might see.

Google Chrome

When Google Chrome is having trouble recognizing a certificate, it will display a large red question mark and inform you.

Common Error Codes:

  • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  • NET::ERR_CERT_AUTHORITY_INVALID
  • ERR_CERT_SYMANTEC_LEGACY
  • NET::ERR_CERT_COMMON_NAME_INVALID
  • NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED The certificate is invalid.

Mozilla Firefox

If Mozilla Firefox fails to recognize the certificate, it will display a lock with a red slash over it as well as the message.

Common error codes:

  • ERROR_SELF_SIGNED_CERT
  • MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
  • SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
  • MOZILLA_PKIX_ERROR_MITM_DETECTED
  • SEC_ERROR_OCSP_INVALID_SIGNING_CERT
  • SSL_ERROR_BAD_CERT_DOMAIN

Safari

Other browsers, such as Safari, don’t immediately provide you with error codes. Instead, Safari shows a red lock that has been crossed out and the message:

  • “This connection is not private, Chrome”.
  • “Website may appear to be impersonating domain.com in order to obtain personal or financial information. You should return to the previous page.”

It might also provide a link to the certificate via a "show details" button, which would allow you to understand the potential risks associated with visiting the website.

Microsoft Edge

Microsoft Edge mimics the Google Chrome error message “your connection is not private,” including the red exclamation mark.

Common Error Codes:

  • DLG_FLAGS_INVALID_CA
  • DLG_FLAGS_SEC_CERT_CN_INVALID
  • Error Code: 0
  • NET::ERR_CERT_COMMON_NAME_INVALID

How to correct “Your Connection to This Site is Not Private” Error

1. Reboot the Page

This may seem obvious, but one of the simplest and most effective things you can do to resolve the issue is to close and reopen your browser and try to load the page again. It’s possible that the website’s owner is currently reissuing their SSL certificate or there was a problem with your browser.

2. Check the Time and Date

If your computer’s date and time are out of sync with those displayed on your browser, this privacy error will appear. Additionally, it may display the SSL certificate of a website as having expired, which would also cause the error. Go into your computer’s settings and adjust the time and date if necessary. After that, reload the page.

3. Update your Operating System

Google recommends upgrading your device’s operating system if you get this “the connection is not private” error. An outdated computer may lack the capability to recognize or utilize updated websites or SSL certificates. To update the operating system on macOS, go to System Preferences > Software Update. Then check for updates and install them.

On a Windows computer, open the Control Panel > Search for update > Check for updates, and install them.

4. Check the Antivirus Software

Follow the instructions below if you encounter “Your connection is not secure, Chrome”. Antivirus and privacy programs can block some secure server certificates or even cripple network connections. They can be protective to the point of preventing your connection from being private. To test this, temporarily disable the software and try browsing.

5. Clear Browsing Data

Computer cookies help make each online session more personalized based on past activity. They can also help increase convenience when purchasing products or logging into websites by remembering personal information and payment methods. However, not having a private connection can cause security concerns as well. Each browser clears cookies differently. Clearing your browsing history removes all private data from your device, but also prevents you from truly enjoying a secure browsing experience.

To delete the history, cache, and other browser data from Google Chrome browser:

  • First of all, enter Settings → Show advanced settings → Clear browsing data under Privacy options.

However, if deleting browsing history doesn’t help, you can also reset the browser’s settings to the default.

To reset your Chrome browser settings:

  • Firstly, click on the Chrome menu → Settings → Show advanced settings → Reset settings → Reset.

Deleting the Chrome cache and removing unwanted Google Chrome extensions also has a significant impact in this situation.

To remove data from the Mozilla Firefox browser:

  • Tap the menu button and choose Settings.
  • Choose the Privacy & Security panel and enter the Cookies and Site Data section.
  • Click the Clear Data… button. The Clear Data dialog will appear.
  • You should also select the following options: Cookies and Site Data (to remove login status and site preferences) and Cached Web Content (to remove stored images, scripts and other cached content).
  • Clear the screen.

To delete the cache, history, and other browser data from Safari browser:

  • To clear your history and cookies, go to Settings > Safari, and select Clear History and Website Data. Deleting your history, cookies, and browsing data from Safari will not alter your AutoFill information.
  • To remove your cookies and preserve your history, go to Settings > Safari > Advanced > Website Data, then select Remove All Website Data.
  • If you want to avoid leaving a digital footprint, turn Private Browsing on.

To delete the cache, history, and other browser data from Microsoft Edge browser:

  • Choose Settings and more > Settings > Privacy, search, and services.
  • After that under Clear browsing data > Clear browsing data now, choose Choose what to clear.
  • Under Time range, select a time range from the drop-down menu.
  • Select the types of browsing data you want to clear (see the table for descriptions).
  • For example, you may want to delete cookies and browsing history but keep passwords and form fill data.
  • Select Clear now.

Contact your system administrator

In some situations, you may have no access to the browser settings. That depends on the policies set by your system administrator. If you face connection issues but cannot open the Settings, ask the administrator for help. Such restrictions are usually used to prevent malware-related alterations, but sometimes they can cause problems with daily needs.

Stay Safe and Secure While Browsing Online

The error “Your connection is not private, Google” is one of the most beneficial messages you can receive because it protects your personal information. Simply encountering this error isn’t cause for concern; there are numerous innocuous reasons why your connection may not be safe. By attempting the methods listed above, you can efficiently identify and address the cause of the error. If none of these steps resolves the issue, simply leave the website and find another option.

Transport Layer Security (TLS): Difference Between TLS and HTTPS?
https://gridinsoft.com/blogs/tls-https-difference/
Fri, 04 Nov 2022 18:00:21 +0000

Transport Layer Security is a widely used security protocol designed to ensure confidentiality and data security when exchanging data over the Internet. In particular, we use TLS daily to encrypt communication between servers and clients – a common communication for everyone. Meanwhile, people are used to hearing the HTTPS abbreviation regarding the same thing – secure client-server communication. But what is the difference between TLS and HTTPS protocols? Let’s figure that out.

The difference between TLS and HTTPS

The predecessor of TLS is the Secure Sockets Layer (SSL) encryption protocol developed by Netscape. TLS version 1.0 began development as SSL version 3.1, but the name of the protocol was changed before publication. Therefore, the terms TLS and SSL are sometimes used synonymously. Moreover, you can meet both technologies in use even nowadays. Most web browsers support the use of the SSL protocol to secure the connection, despite IETF considering it obsolete in 2014. In some configurations, you may witness a connection error when trying to open the site with the obsolete security standard.

SSL/TLS is what adds the S to HTTP. To make the website connection secure, you need an up-to-date SSL/TLS certificate. When you install an SSL certificate, you configure it to transfer data using HTTPS. Thus, the two technologies go hand in hand and, therefore, cannot be operated one without the other. URLs are preceded by either HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure), which determines how the data you receive or send is transferred. To determine if a site uses an SSL certificate, check the URL and see if it uses HTTP or HTTPS, because HTTPS connections require an SSL security certificate. Hence, we can conclude that the difference between TLS and HTTPS is not that big: the former is a part of the latter.


Why should businesses use TLS?

Because TLS encryption can help protect web applications from data leakage and other attacks, HTTPS with TLS security is standard practice for websites. At that point, there is no difference between TLS and HTTPS, as they mean equal things for you. The Chrome browser promoted the transition of websites to HTTPS, after which other browsers followed suit. Today, cybersecurity experts don’t recommend trusting websites that don’t have an HTTPS padlock icon. SSL or earlier TLS versions may contain exploitable flaws; thus, the latest version (1.3) is the only option. Needless to say, using unsecured connections is like having a shower in a transparent stall amidst a crowded square.

What does TLS do?

The TLS protocol provides three services to all applications running on top of it: encryption, authentication, and integrity. Technically, you can apply any two of them and still have a sufficient level of security. But in practice, all of them are usually applied:

  • Encryption – hiding information one computer sends to another. Even if a third party catches it, there will be no way to read the data without the public key. For a bystander, it becomes an unreadable sequence of symbols.
  • Authentication – checking the identity of both parties of communication. Usually, that is a handshake and a check of URL correspondence. That ensures the absence of a third party that acts as a shady intermediary and sits in the middle.
  • Integrity – detection of information spoofing. The intermediary we mentioned above could not just get the public key and read the info but also inject its own packets, spoofing the result. Integrity checks the hash sum of internet packets at each transfer step.

How does TLS work?

For TLS to work on a website or application, the source server must contain the TLS or SSL certificate. A certificate authority issues it to the person or company that owns the domain. It contains essential information about who owns the domain and the server’s public key, which is necessary for server authentication. Then, a TLS connection is initiated using a sequence known as the TLS handshake. For example, when a user goes to a website that uses TLS, the TLS handshake begins between the user’s device (also called the client device) and the web server. During the TLS handshake, the user’s device and the web server do the following:

  • Specify the version of TLS they will use (TLS 1.0, 1.2, 1.3, etc.)
  • Decide which cipher suites they will use.
  • Authenticate the server with the TLS server certificate.
  • Generate session keys to encrypt messages between them after the handshake is completed.

The TLS handshake sets a cipher for each communication session. Cipher suites are algorithms that specify the information, such as shared encryption or session keys, to be used for a given session. For example, thanks to cryptography, TLS can establish matching session keys over an unencrypted channel. Cryptography is based on a public key technology. In addition, the handshake handles authentication, which consists of the server confirming its identity to the client.


Public keys are used for this. These are encryption keys that use one-way encryption. Anyone with a public key can decrypt data encrypted with the server’s private key to guarantee its authenticity. However, only the original sender can encrypt the data with the private key. The server’s public key is part of its TLS certificate.

Once the data is encrypted and authenticated, it is signed with a message authentication code (MAC). The recipient can check the MAC to ensure the integrity of the data. This is something like the protective foil on a bottle of aspirin, whose integrity assures the buyer that no one has tampered with the medicine.
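The two mechanisms described above, matching session keys established over an unencrypted channel and a MAC checked by the recipient, can be seen working together in the following added example (not code from the original article). It is a simplified sketch: the Diffie-Hellman group, the key-derivation labels and the record layout are assumptions made for illustration, not the TLS wire format, and encryption of the payload is left out.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption for this sketch): a 255-bit prime modulus and
# generator 2. Real TLS uses standardised groups such as X25519 or P-256.
P = 2**255 - 19
G = 2
TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def keypair(private=None):
    """Return (private, public). Only the public value crosses the network."""
    if private is None:
        private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def derive_mac_keys(own_private, peer_public, transcript):
    """Derive one MAC key per direction from the shared secret.

    Mixing in the handshake transcript binds the keys to what both sides saw.
    """
    shared = pow(peer_public, own_private, P).to_bytes(32, "big")
    prk = hmac.new(transcript, shared, hashlib.sha256).digest()
    return {
        "client": hmac.new(prk, b"client write", hashlib.sha256).digest(),
        "server": hmac.new(prk, b"server write", hashlib.sha256).digest(),
    }


def protect(key, seq, payload):
    """Append a tag covering the sequence number and the payload."""
    msg = seq.to_bytes(8, "big") + payload
    return payload + hmac.new(key, msg, hashlib.sha256).digest()


def verify(key, seq, record):
    """Return the payload if the tag is valid for this sequence number, else None."""
    if len(record) < TAG_LEN:
        return None
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    msg = seq.to_bytes(8, "big") + payload
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def demo():
    """Run one constructed exchange and report what each party can do."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    # Everything in the transcript is visible to anyone on the path.
    transcript = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")

    client_keys = derive_mac_keys(c_priv, s_pub, transcript)
    server_keys = derive_mac_keys(s_priv, c_pub, transcript)

    # An observer sees both public values but holds neither private value.
    o_priv, _ = keypair()
    observer_keys = derive_mac_keys(o_priv, s_pub, transcript)

    record = protect(client_keys["client"], 0, b"GET /hello.txt")
    tampered = record.replace(b"hello", b"admin")
    return {
        "keys_match": client_keys == server_keys,
        "observer_has_keys": observer_keys == client_keys,
        "genuine_accepted": verify(server_keys["client"], 0, record) is not None,
        "tampered_accepted": verify(server_keys["client"], 0, tampered) is not None,
        "replayed_accepted": verify(server_keys["client"], 1, record) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
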

The impact of TLS on the performance of Web applications

The latest versions of TLS have almost no effect on the performance of web applications. However, because of the complex process of setting up a TLS connection, it takes some time and processing power to load. In addition, the client and server need to exchange data several times before exchanging packets, which eats up precious milliseconds of web application load time and memory for both client and server.

Server administrators can use certain tricks to reduce the potential delay created by the TLS handshake. One such trick is TLS False Start, which allows the server and client to begin transferring data before the TLS handshake is complete. Another technology for accelerating TLS is TLS session resumption. It enables clients and servers that have previously exchanged data to use a shortened handshake.

These improvements make TLS a fast protocol that should not affect access times noticeably. As for the computational cost associated with TLS, it is not very important by today’s standards. TLS 1.3, released in 2018, made TLS even faster. Because TLS handshakes in TLS 1.3 require only one round-trip (or two-way communication) instead of two, this reduces the process by a few milliseconds. However, suppose a user had previously connected to a website. In that case, the TLS handshake has no round trips, thereby speeding it up even more.


How to implement an SSL certificate on-site?

Depending on the site hosting parameters, there are different ways to add an SSL certificate. Sometimes, the site must have the certificate – for example, if it is an e-commerce page. Large hosting providers often offer hosting packages that already include SSL certificates. In addition, it is possible to transfer an existing SSL certificate from another host by exporting it from the original server and importing it to the new server. There must be special instructions on the hosting website for this. Finally, some certificate authorities require purchasing a server license for each server hosting the certificate.

Safari Can’t Establish a Secure Connection Error
https://gridinsoft.com/blogs/safari-cant-establish-secure-connection-how-to-fix/
Thu, 20 Oct 2022 16:59:40 +0000

The “Safari Can’t Establish a Secure Connection” error message appears when browsing the web on a Mac. Anyone may encounter it during their daily routine browsing. These messages often state that Safari has been unable to connect to the server securely. There are multiple reasons why many people encounter this error message in their Safari browser. This post will help you understand the issue and its common causes. It also explains several solutions that can remedy the situation.

What’s the “Safari Can’t Establish a Secure Connection to the Server” Error?

Apple devices come with a security feature that ensures they’re safe and secure while browsing the web. This makes Apple computers one of the safest options for using the Internet.

This is why Safari, the browser that this website was originally intended to be viewed in, sometimes blocks users from accessing a website that it believes isn’t secure. When this happens, the error message displayed will typically state “Safari Cannot Open the Page Cannot Establish a Secure Connection.” Error notifications may include different wordings and may appear in any format. As an example, the image above shows a notification that reads “Safari Can’t Open This Page.”

Such a notification may appear when you are visiting a site with an expired SSL certificate and an insecure connection. It means the browser doesn’t trust the encrypted data on the site and also indicates that Safari could not successfully access and verify the information. This can happen if a site doesn’t have its SSL certificate configured properly. It’s important to use Secure Socket Layer (SSL) and the SSH protocol on websites these days. This is especially true for any websites hosting sensitive data such as a WooCommerce store.

What Causes “Safari Can’t Establish a Secure Connection to the Server” Error?

This error message is usually due to one of two reasons: the website you’re trying to access isn’t secure enough or Safari can’t verify that it is.

To properly fix the “Unable to establish a secure connection” problem and solve it, you need to understand why the site is considered unsecured. Sometimes you may not know what the root cause of a problem is until you investigate different possible solutions.

Several common third-party extensions and add-ons cause the error “Safari cannot establish a secure connection to the server”. This error can occur if you have one of these extensions or add-ins installed. Even a minor error can cause “No secure connection to the server” problems. However, it may be something more complicated, like the version of the Internet protocol you use. The most common reason for the error is the expiration of the SSL site certificate.

How To Fix the “Safari Could Not Establish a Secure Connection to the Server” Error (6 Solutions)

Now that we know what the problem is and what causes it, we can look at a few ways to fix it. With these tips, you can forget about this bug in your browser.

1. Clear Your Browser Data

Every time you visit a website, Safari saves some of your data in cookies and caches in your browser. If this data contains outdated information related to site encryption or SSL, this may be the reason for the error message. So to fix the “Safari Cannot Establish Secure Connection to the Server” problem, you should first clear the cache. To do so, tap on Preferences > Privacy, then choose Remove All Website Data.

Clear the browser cache in Safari

After the list has loaded, you can choose which sites you want to delete the data from. When you finish, click the Done button at the bottom of the screen. After that, to clear your entire browsing history, you can navigate to Safari > History > Clear History.

When you are finished, try visiting the site where the error was displayed. If the error has not disappeared, go to the next solution.

2. Check Your Device’s Date and Time

As odd as it may seem, if your Mac device displays an incorrect date and time, it can sometimes cause problems with Safari. Therefore, it is very important to make sure your time zone and date are set correctly.

To do it, you can tap on the Apple icon, then navigate to System Preferences > Date & Time.

Find the date and time option in the preferences

After that, you can confirm that you’re using the right date and time.

Confirm that you are using the correct date and time

You can also have your device automatically sync to your current location on the Time Zone tab. Once done, you can close the window and try accessing the site again.
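Both this step and the “Check the Time and Date” step in the Chrome guide earlier on the page come down to the same comparison: the certificate carries a validity window, and the browser judges it against the local clock. The following added example (not part of the original articles) shows how to tell a wrong local clock from a certificate that has really expired. The certificate fields are constructed, and `reference_clock` is an assumption standing for a time source you trust.

```python
import ssl
from datetime import datetime, timezone

# Constructed certificate fields, laid out like the dict that
# ssl.SSLSocket.getpeercert() returns for a verified peer.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Oct  1 00:00:00 2022 GMT",
    "notAfter": "Dec 30 23:59:59 2022 GMT",
}


def validity_state(cert, when):
    """Classify a timezone-aware datetime against the certificate window."""
    ts = when.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "not_yet_valid"
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        return "expired"
    return "valid"


def diagnose(cert, local_clock, reference_clock):
    """Return (who_must_act, state).

    reference_clock is an assumption of this sketch: a time you trust,
    for example one read from another device or a time server.
    """
    actual = validity_state(cert, reference_clock)
    if actual != "valid":
        # The certificate is outside its window even at the true time,
        # so changing settings on the visitor's device cannot help.
        return ("site_operator", actual)
    local = validity_state(cert, local_clock)
    if local != "valid":
        # The certificate is fine; the device's clock makes it look wrong.
        return ("fix_local_clock", local)
    return ("nobody", "valid")


def utc(year, month, day):
    """Helper for building the constructed test times."""
    return datetime(year, month, day, tzinfo=timezone.utc)


if __name__ == "__main__":
    true_time = utc(2022, 12, 6)
    cases = {
        "clock reset to 2015": (utc(2015, 1, 1), true_time),
        "clock set ahead": (utc(2023, 2, 1), true_time),
        "clock correct": (true_time, true_time),
        "certificate really expired": (utc(2023, 2, 1), utc(2023, 2, 1)),
    }
    for name, (local, reference) in cases.items():
        print(name, "->", diagnose(SAMPLE_CERT, local, reference))
```
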

3. Change Your DNS Settings

If the error persists, you should check your DNS (Domain Name Server) settings. In short, your DNS is like a phone book, allowing devices and websites to access each other. Safari uses your DNS settings to connect to websites.

If there is a problem with your DNS settings, you may see the “Safari cannot open page secure connection” message. To see if this is the case (and fix it), you can try changing your DNS address. For example, you can use Google’s public DNS. Go to Apple > System Preferences > Network.

Find the network option in the preferences

From this window, choose your connection, then tap on the Advanced tab, followed by DNS. Next, click on the (+) icon next to IPv4 or IPv6 addresses.

Click on the DNS tab

After that, you can enter the new DNS IP addresses. For example, if you want to use Google’s Public DNS, you can type “8.8.8.8” and “8.8.4.4”.

Enter the new DNS IP addresses

When you’re finished, tap on the OK button. Recheck the website to see if this process removed the error message.

4. Uninstall or Disable Your Browser Extensions

As mentioned earlier, extensions or add-ons in your browser can interfere with Safari’s ability to securely connect to websites. This is sometimes common with antivirus programs and security-related extensions.

So, in the next step, try disabling all browser extensions. You can do this by opening Safari, then navigating to Preferences and clicking the Extensions tab.

Disable or uninstall browser extensions

A list of your extensions will appear in the left column. You can disable an add-on by clicking the check mark next to its name.

Once done, try accessing the site again. If this fixes the “Cannot secure connection to server” problem, you need to determine which extension is to blame. You can do this by systematically activating each plugin and visiting the website each time.

5. Disable IPv6

Internet Protocol (IP) is a set of rules that govern how data moves across the Internet. IPv6 is a newer protocol version. However, some websites still use the older version, IPv4. If this is the case, you may see the “Safari cannot establish a secure connection” message.

So you can try disabling IPv6 on your network. To do this, navigate to System Preferences > Network again, then click your network connection, then click the Advanced button.

On the TCP/IP tab, click the drop-down menu under Configure IPv6 and select Manual.

Configure IPv6 and select Manually

When done, click the OK button. If IPv6 is the problem, this should do the trick. If not, you can try the last solution.

6. Make Sure Keychain Trusts the Certificate

We’ve already mentioned that sometimes Safari may display a connection error message if it cannot verify the validity of a website’s SSL certificate. If this is the case, you can fix this by configuring the settings in the macOS Keychain Access app.

Keychain Access is an application that stores your passwords, account information, and application certificates. It protects your data and can control which websites your device trusts. So you can tell it to accept SSL certificates for websites in the future.

To do this, go to the website that displayed the error message, then click the lock icon to the left of the address bar, then click View/View Certificate > Details.

Check if Keychain trusts the certificate

With the details pane expanded, press Ctrl + Spacebar. The Spotlight search bar will appear in the upper right corner of the screen. In the search box, enter "keychain".

Then click the system root directory on the left. Find the website’s certificate. Once you find it, go to the “Trust” section. Then click the drop-down menu next to the “When using this certificate” section and select “Always Trust”:

Select the “Always Trust” option

That’s it! You should now be able to successfully access the website without the “Safari Cannot Open the Page Secure Connection” error.

Difference HTTPS vs. HTTP? Why is HTTP not secure?
https://gridinsoft.com/blogs/http-vs-https/
Tue, 27 Sep 2022 12:56:45 +0000

Any web page is stored on a server, a computer that is permanently connected to the Internet. When you follow a link or enter a domain name in the address bar, the browser finds the desired server and downloads the page content. The same happens when you enter your account username and password on the site and click “Login.” The browser sends those details to the server. The server checks the data and sends the browser a page with the account open. This is how the browser and the server exchange data when you play a video on YouTube, go to Facebook, open an email or enter your bank card data to pay for online purchases. Some data is constantly being transmitted in different directions. You may have noticed that some links start with HTTP and others with HTTPS. Now we will explain what these letters mean and how they differ from each other.

What is HTTP?

HTTP is a widespread data transfer protocol designed initially to transmit hypertext documents (that is, documents that can contain links that allow navigation to other documents). It was invented in 1990, along with HTML, to create the first interactive text-based web browser: the original World Wide Web. Today, the protocol remains one of the primary uses of the Internet. But HTTP has a major drawback – it’s inherently insecure because it doesn’t use encryption. This allows an attacker to view all the content. In addition, HTTP is unacceptable for businesses because it puts customers’ personal information at risk. With HTTP, the identity of the client and server is not verified, they can be spoofed, and the integrity of the message cannot be proven.

If you get to an unsecured website, the browser will warn you

What Does HTTP stand for?

HTTP stands for HyperText Transfer Protocol. According to the OSI specification, it is an application-layer (layer seven) protocol, and the current version of the protocol, HTTP 1.1, is described in RFC 2616. When you open a web page using HTTP, your web browser uses the Hypertext Transfer Protocol (on port 80) to request the page from a web server. When the server receives the request, it uses the same protocol to send the page back to you. This protocol is the basis for large, feature-rich systems with multiple inputs, such as the Internet. Without this foundation of communication processes, the Internet as we know it could not function because links require HTTP to work correctly. However, HTTP sends and receives data as plain text. This means that when you’re on a website using HTTP, anyone listening on the network can see everything that is transmitted between your browser and the server. This includes passwords, messages, files, and other things that should not be seen by a third party.

What is an HTTP request and HTTP response?

When a user interacts with web resources, HTTP requests are generated by the user’s browser. For example, if a user clicks a hyperlink, the browser will send a series of “HTTP GET” requests for the content displayed on that page. These HTTP requests are sent either to the source server or a caching proxy server, and that server generates an HTTP response. HTTP responses are responses to HTTP requests.

This is how the connection between the web browser and the server

What does an HTTP request look like?

Usually, an HTTP request is a set of lines of text corresponding to the HTTP protocol. For example, a GET request can look like this:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en

This is a piece of text generated by a browser and sent over the Internet. The main problem is that it is sent exactly as written, in plain text, which can be read by anyone monitoring the connection. This is especially important when users send sensitive data via a website or web application. Passwords, credit card numbers, or any other data entered into a form are sent in clear text, making them available to others. (When the user submits the form, the browser converts it to an HTTP POST request instead of an HTTP GET request.)

When the server receives the HTTP request, it sends an HTTP response, which usually looks like this:

HTTP/1.1 200 OK
Date: Wed, 30 Jan 2021 12:14:39 GMT
Server: Apache
Last-Modified: Mon, 28 Jan 2021 11:17:01 GMT
Accept-Ranges: bytes
Content-Length: 12
Vary: Accept-Encoding
Content-Type: text/plain

Hello World!

As mentioned earlier, if a website uses HTTP instead of HTTPS, all of these requests and responses can be read by anyone. Therefore, an attacker can read the text in a request or response and thus know what information someone is requesting, sending, or receiving.
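To make the form-submission case above concrete, here is an added example (not part of the original article) that parses a raw HTTP request the way any monitor on the network path could and reports which fields travel in the clear. The captured POST, the cookie value and the list of sensitive field names are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed capture: a login form submitted over plain HTTP (illustrative only).
CAPTURED = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 39\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
    b"username=alice&password=correct%20horse"
)

# Hypothetical field names an auditor would treat as sensitive.
SENSITIVE_NAMES = {"password", "passwd", "card", "cvv", "token"}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", 0))
    return method, path, headers, body[:length]

def exposed_fields(raw: bytes):
    """Return what a passive observer of an unencrypted request can read."""
    method, path, headers, body = parse_request(raw)
    exposed = {"request": f"{method} {path}", "host": headers.get("host")}
    if "cookie" in headers:
        exposed["cookie"] = headers["cookie"]
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("utf-8"), keep_blank_values=True)
        exposed["form"] = {k: v[0] for k, v in form.items()}
    return exposed

def sensitive_in_clear(raw: bytes):
    """Names of sensitive-looking form fields that were sent unencrypted."""
    form = exposed_fields(raw).get("form", {})
    return sorted(k for k in form if k.lower() in SENSITIVE_NAMES)

if __name__ == "__main__":
    print(exposed_fields(CAPTURED))
    print(sensitive_in_clear(CAPTURED))
```

Running the same check against traffic from your own login or payment forms is a quick way to confirm that nothing sensitive is still submitted to an `http://` URL.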

What is HTTPS?

HTTPS is similar to HTTP, with the critical difference being that it is secure. The Secure Hypertext Transfer Protocol uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which packs and transfers data between your browser and the server in a secure, encrypted tunnel over port 443. Unlike with HTTP, this makes the traffic very difficult for packet sniffers to decrypt.

What Does HTTPS Mean?

The S in HTTPS stands for “secure”. Because HTTPS uses TLS or SSL to encrypt HTTP requests and responses, an attacker will see a string of seemingly random characters instead of the text in the example above.

Instead of the above:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.63.0 libcurl/7.63.0 OpenSSL/1.1.l zlib/1.2.11
Host: www.example.com
Accept-Language: en

The attacker sees the following:

t8Fw6T8UV81pQfyhDkhebuz7+oiwldr1j2gHBB3L3RFTRsQCpaSnSBZ78Vme+DpDVJPvZdZUZHpzbqcqmSW1+3xXGsERHg9YDmpYk0VVDiRvw1H5miNieJeJ/FNUjgH0BmVRWpI6+T4MnDwmCMZUI/orxP3HGwYCSIvyS3MpmmSe4iaWKCOHQ==

So what are TLS and SSL in online security? Although TLS is the successor to SSL, you may still hear HTTPS referred to as HTTP over SSL. A website needs an SSL certificate to ensure the security of user data. The certificate also confirms ownership of the website, prevents intruders from creating a fake version of the site, and helps gain users’ trust. TLS and SSL are especially useful when shopping online. They keep financial data secure and are used on any website that requires sensitive data such as passwords, personal information, and payment details.

Another significant advantage of HTTPS is that it is much faster, so web pages load more quickly. Since HTTPS is already considered secure, there is no need to do data scanning or filtering, which reduces the amount of data transferred. The easiest way to find out whether the website you are on is using HTTPS is to look for the padlock icon to the left of the URL.

If you see this, then your connection is secure

How does TLS/SSL encrypt HTTP requests and responses?

TLS uses a technology called public-key cryptography. There are two keys, a public key and a private key, and the public key is sent to client devices via the server’s SSL certificate. After the client opens a connection to the server, the two devices use the public and private keys to negotiate new keys, called session keys, to encrypt further communications between them. From then on, all HTTP requests and responses are encrypted with these session keys, so anyone intercepting the messages can only see a random string of characters instead of the plaintext.

How does HTTPS help authenticate web servers?

HTTP has no identity verification; it is based on the principle of trust. Authentication means verifying that a person or machine is who they say they are. Although the architects of HTTP didn’t decide to trust all web servers implicitly, they had other priorities than security at the time. In today’s Internet, however, authentication is essential. Just as an ID verifies a person’s identity, a private key verifies a server’s identity. When a client opens a channel with the originating server (for example, when a user goes to a website), possessing a private key that matches the public key in a website’s SSL certificate proves that the server is the legitimate website host. This prevents or helps block many attacks that are possible without authentication, such as on-path attacks, DNS hijacking, BGP hijacking, and domain spoofing. In addition, an SSL certificate is digitally signed by the certificate authority that issued it. This ensures that the server is who it says it is.

The post Difference HTTPS vs. HTTP? Why is HTTP not secure? appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/http-vs-https/feed/ 1 10748