Tag Archives: ssl error

TLS vs SSL vs HTTPS

SSL Advanced, SSL BasicsHTTPS, ssl error, TLSCasey Crane

(7 votes, average: 4.00 out of 5, rated)

A primer on what each of these encryption terms entails and their impact on website security

TLS vs SSL vs HTTPS. So many acronyms, so little time. All of these terms relate to encryption and website security — however, many people who don’t spend their days entrenched in cyber security may not be intimately familiar with them.

HTTPS, an encrypted and secure networking protocol, is what we get when we use SSL/TLS to secure websites. You know how there’s a padlock security indicator in your browser’s address bar? Yeah, it’s because of that (and other things we aren’t going to get into here).

One of the most common questions we get regarding the topic of TLS vs SSL is “what the difference is between SSL and TLS?” The confusion makes sense, in a way. After all, SSL and TLS aren’t exactly the same thing, but they serve the same function.

So, how do we split the difference?

And the answer to that is incredibly technical — far more technical than most people care to go. So, we’re going to summarize it for you so you can rent it space in your brain at the expense of some other far more relevant piece of information. Say goodbye to the Pythagorean Theorem — we’re about to talk about SSL and TLS.

SSL — The OG

SSL, or secure sockets layer, was the original lynch pin of public key infrastructure (PKI). Initially, the internet was not designed for commercial use. It was basically just a network for the military and academia in its earliest iterations. As commerce and other vital services crept online, the need for data security arose. Unfortunately, HTTP or the Hypertext Transport Protocol, was never designed for security, so a mechanism needed to be invented to secure it.

Thus, SSL and HTTPS were born. The first couple of SSL versions were failures and never really got off the ground. SSL 3.0 was eventually released but was quickly found to be vulnerable to several exploits, too. That was 1996.

Enter TLS

TLS, or transport layer security, was created in 1999 as kind of a spiritual successor to SSL 3.0. It’s based on SSL, but there’s one really important, key difference — this isn’t the House of Saxe-Coburg and Gotha renaming itself the Windsors as a branding move — it’s an actual functional difference.

Knowing the Difference: SSL vs TLS

What’s the difference between SSL and TLS? SSL makes it connections by port. In computer networking, a port refers to a memory address that’s used to help organize traffic during a connection. This occurs at the transport layer of the connection; individual services have dedicated ports. 443 is the port for HTTPS. 80 is the port for HTTP. 21 is for FTP and so on. There are 65,535 ports total, and only a set few are dedicated to a particular service or function.

Since SSL makes its connections via port, it starts with port 443 for an HTTPS connection. This is called an explicit connection, and the port expects a negotiation before the session begins.

TLS, on the other hand, connects via protocol. This is an implicit connection. It begins with a client hello via an insecure channel to the server. Once the handshake commences, the connection switches to the correct port (443).

A lot of the other parts are basically the same. Both protocols authenticate and facilitate encryption. They both negotiate with handshakes. It’s the way that initial connection is made that differentiates the two. The security they both provide is exactly the same.

Problems with TLS

TLS is, by no means, faultless. While SSL was riddled with vulnerabilities, the early iterations of TLS also had their fair share of hiccups, too. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a padding attack that can be used against block ciphers. This sick little puppy was basically the final nail in SSL 3.0’s coffin. They thought they fixed it with TLS. Needless to say, they were mistaken.

As it turns out, POODLE didn’t die. We still seeing variants of POODLE to this day. There are also exploits like downgrade and stripping attacks that take advantage of the backward compatibility that was included in TLS in the name of interoperability.

TLS 1.0 and TLS 1.1 are now considered insecure, with the major tech companies planning a mass deprecation of both by January 2020. TLS 1.2 is the current standard while TLS 1.3 was just finalized in Summer 2018.

TLS 1.3 Looks Toward the Future

TLS 1.3 will change SSL/TLS forever simply because it’s not backward compatible with any of the previous protocol versions. Currently, you have to support TLS 1.2 and 1.3 side by side, as users can’t roll back to 1.2 from 1.3.

In addition to eliminating backward compatibility, which should kill off older protocol versions, TLS 1.3 made several significant improvements over previous iterations:

It reduced the handshake, which adds latency to connections, to a single roundtrip and added 0-RTT resumption.
It eliminated older ciphers that have been found vulnerable, like RC4 and RSA.
It reduced the number of negotiations made during the handshake to just two.

What’s Better: TLS vs SSL

Given their similarities, and the known vulnerabilities facing SSL, this really should only be asked rhetorically. You did mean this rhetorically, right?

If you’re still supporting SSL, you’re only inviting trouble. Even supporting earlier versions of TLS is ill-advised. You should be using TLS 1.2 and TLS 1.3 by now.

SSL may be TLS’ predecessor, but it’s seriously outmoded now. Even if it’s still what we use colloquially to refer to TLS.

The Types and Validation Levels of SSL Certificates

There’s a lot to know about SSL certificates and their validation levels. We’ve got you covered.

Learn More About the Types of SSL Certificates

Home SSL Resources ssl error

How to Fix ‘ERR SSL VERSION INTERFERENCE’ in Google Chrome

Error Messagesssl error, TLSCasey Crane

(3 votes, average: 3.67 out of 5, rated)

What causes the “This site can’t be reached” Chrome error & how you can fix it

The internet is full of many things: cat videos, pornography, questionable social media posts, and bad advice. Lots and lots of bad advice. Anytime you search for help with a browser error, you’re bound to wade into a pool that’s waist deep with highly-optimized SEO content that doesn’t actually answer the question properly. Or, if it does, but it then offers egregious advice on working around it.

The Google Chrome ERR_SSL_VERSION_INTERFERENCE (sometimes written “ERR SSL VERSION INTERFERENCE”) is a perfect example of this. Most of these garbage answers start off with some keyword stuffed boiler plate language about how common SSL errors are.

Shade aside, there aren’t “many reasons” for this problem. There’s one reason only. And, aside from adjusting their protocol version support, there’s nothing that a user could responsibly do to solve this problem. Advising anything else is patently irresponsible and should be punishable by flogging.

Why “ERR SSL VERSION INTERFERENCE” Appears in Chrome

The reason you get the “ERR_SSL_VERSION_INTERFERENCE” in Chrome is that the website you’re attempting to visit doesn’t support a mutually agreeable TLS protocol version. The most common iteration is one of you — either as the client or the server — is exclusively supporting TLS 1.3 and the other doesn’t support it at all.

TLS 1.3 is not backward compatible with former versions of the protocol. While this may initially seem like an oversight, it’s done quite a on purpose. Older versions are susceptible to oracle padding and downgrade attacks. The vast majority of the internet is still using TLS 1.2, but about 35-40% of the Alexa Top 100,000 have begun supporting TLS 1.3. The smart move would be to support both 1.2 and 1.3 until the latter achieves the right degree of proliferation.

Unfortunately, some sites have already turned off support for 1.2 in favor of 1.3. For most modern browsers, this won’t be an issue. But if you’re running an older version, or you don’t have support for 1.3 activated on your OS, you could run into this problem.

Fixing ERR_SSL_VERSION_INTERFERENCE for Web Users

Provided your browser supports TLS 1.3 and TLS 1.2 — and with Chrome, that’s actually a decision made on the OS level — there’s not anything you can do to fix this beside contacting the site owner. Some of the bad advice you might see with regard to solving this from the client side includes:

Trying to reach the site in guest mode
Clearing your cache and data
Disable/Uninstall Security Programs
Disable TLS 1.3
Reset Chrome

The first two have absolutely no impact on this error. The next two are so egregiously bad as to actually pose a threat to anyone who heeds them. While resetting Chrome — or perhaps more appropriately uninstalling and then reinstalling it — might work, it means you had bigger problems than the ERR_SSL_VERSION_INTERFERENCE error if it does fix it.

Fixing ERR_SSL_VERSION_INTERFERENCE in Chrome If You’re a Site Owner

Chances are you’ve misconfigured your servers. The most likely explanation is you disabled version support for everything but TLS 1.3. This is very forward-looking of you but, ultimately, a little premature.

The other possibility is that you’re using an earlier version of TLS 1.3. It took 28 drafts to finally nail down TLS 1.3, but popular browsers and servers added support for it way before it was finished. Older versions don’t always play nicely. So, you might have TLS 1.3 enabled, but it’s an early build and you need to update the implementation.

Either way, it comes down to configuration.

Here’s some other advice:

Check your SSL certificate
Update your antivirus and firewall

Neither of these are all that likely to fix the issue — but, occasionally, they might. Most likely though, when you receive the “This site can’t be reached” or “ERR_SSL_VERSION_INTERFERENCE” message, you just need to reconfigure your server settings.

Save Up to 82% on DV SSL Certificates

Protect a website in a few minutes with DV SSL or Domain Validated SSL Certificate.

Get a DV SSL certificate, starting at $12.42/year

Home SSL Resources ssl error

How to Fix the “NET::ERR_CERT_AUTHORITY_INVALID” Warning – Ultimate Guide

SSL Basicsssl errorrsossladmin

(5 votes, average: 5.00 out of 5, rated)

Step-by-step guide to address “NET::ERR_CERT_AUTHORITY_INVALID” error in Google Chrome

If you see this error when you’re trying to visit a particular website in Google Chrome — or, worse, your own website is showing this error — the following reasons could be why:

SSL certificate is self-signed.
The website’s SSL/TLS certificate was issued by a certificate authority (CA) who not trusted by Chrome. This often happens when the certificate authority is not a member of the CA/B forum.

The Solution for Website Owner/Webmaster

If you’re the website owner, seeing a “NET::ERR_CERT_AUTHORITY_INVALID” warning message must be an alarming indication that the browsers do not trust your SSL certificate.

Bringing visitors to your website is a challenging task for every webmaster. And when such hard-earned web visitors abandon your website as the result of SSL certificate-related errors, you lose both in terms of your business’s bottom line and reputation. This is one reason why you may want to consider changing to a different certificate authority.

If you’re using a self-signed SSL certificate just to save money or to save yourself from dealing with the SSL installation process, you’re merely unaware of the latest trends of SSL industry. You can get the most reputed brand DigiCert’s RapidSSL certificate for less than $15 per year with a $10,000 warranty and a free site seal. Plus, you can outsource the entire pesky SSL installation process for just the one-time expense of $29.99.

The Solution for Website Visitors

The best thing you can do as a website visitor is to contact the website owner or webmaster and ask them to resolve this issue because:

Visiting such a website can be potentially dangerous, and
They may not be aware that their site is displaying a “NET::ERR_CERT_AUTHORITY_INVALID” warning

However, if you choose to proceed ahead anyways, one of the following methods will likely work for you:

1. If your web browser is outdated and does not support the current version of the SSL certificate’s encryption algorithm, update your browser.

2. If cookies in your web browser are creating the issue, try the following methods:

Go to Chrome, click on the menu from the top right side (it looks like three stacked dots).
Select new incognito window.
Try to open the website in incognito mode —if the website loads without an error, the issue is with your Chrome extension. This means you’ll need to turn off the extensions.

To deactivate browser extensions in Google Chrome:

In the Chrome browser, click on the menu at the top right.
Go to more tools.
Click on extensions.
Make your changes:
Turn on/off: Turn the extension off.

Note: SSL certificates from untrusted CAs are often used by cybercriminals who otherwise can’t get legitimate certificates from trusted CAs. Attackers use such certificates for phishing attacks, which involves making fake versions of popular websites. You should avoid surfing on unsecure websites (those without HTTPS in their web address). However, if you’re 100% sure that the website you’re trying to visit is safe and won’t cause any harm, only then should you consider performing the following steps to get rid of NET::ERR_CERT_AUTHORITY_INVALID error message:

3. Antivirus software or firewall is creating the issue.

Some antivirus software are too sensitive towards SSL errors if they have enabled “HTTPS protection” or “HTTPS scanning.” If your antivirus software or firewall is creating the issue, you can disable your antivirus program for a while to visit the website. Don’t forget to reactivate your antivirus solution once you’re done visiting the website

Disclaimer: Deactivating your antivirus and firewall solutions may leave your system vulnerable.

4. Temporarily ignore the SSL error: option 1 (not recommended)

Write Chrome://flags in Chrome’s address bar.
Locate the following option and select enable from the dropdown menu on the right side.

Note: Disable this option as soon as you’re done working on that website.

5. Temporarily ignore the SSL error: option 2 (not recommended)

Right-click on your Chrome icon from your desktop — select properties and shortcut.

Now write down “-ignore-certificate-errors” after /chrome.exe in the target field. Press apply, and then OK. Restart the Chrome browser.

Buy SSL Certificates – Save 79%

At RapidSSLOnline we offer the cheapest SSL certificates at an incredibly discounted rate, starting from only $12.42/yr. We offer a 30-day money back guarantee and 24/7 support to help you implement your SSL certificate.

Shop for RapidSSL Certificates

Shop for DV SSL Certificates

Media Center