Google Chrome 釋出 40 版

在「Stable Channel Update」這邊看到 Google Chrome 釋出 40 版,除了修正了一卡車的安全性問題外,其實我是因為發現對於使用 SHA-1 certificate 的 SSL icon 又不一樣才發現的...

Plurk 的 domain 看一下:


以及 Imgur 的 domain:

參考 Gradually Sunsetting SHA-1 這篇文章的說明。

使用 SHA-1 SSL certificate,有效期間在 2016 年的會顯示黃色三角形 icon:

Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.

而有效期超過 2016 年的 SHA-1 SSL certificate 會顯示沒有安全的標記:

Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “neutral, lacking security”.

不過剛剛測了一下,EV SSL 好像不在此限?

This entry was posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *