Insecure connection warning in Internet Explorer and Chrome for https

Insecure connection warning in Internet Explorer and Chrome. Both are the latest version and we have all of Windows updates installed. IE sometimes allows to proceed through the warning as insecure connection while Chrome does not. IE also displays sometimes information about not being able to find revocation certificate information for that website while Chrome does not do that. Even though both browsers display those insecure connection warnings, the website addresses are https;//. Weirdly, we had this problem in Chrome on Friday, then opened IE to check if that will work and it opened fine without warning. We have BitDefender antivirus installed. The issue occurs on few computers, Windows 7 Pro x64 and Windows 10 Pro x64. All computers are Dell OptiPlex.
Tom SkowyrskiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Martin MillerCTOCommented:
The serving site, may be insecure, e.g. not an acceptable SSL certificate on the service side. Check the SSL Certificate, maybe missing or self signed.
2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
Are you using http://  where you should be using https:// ?

On a test machine, reset IE completely, restart and test.
0
Cliff GaliherCommented:
With both browsers doing it, and Chrome not even letting you move past it, it sounds like you are visiting a site that still uses SSL 3 or TLS1.0

Both protocols are insecure now even though they use https.  When a browser says a site is insecure, it is often correct.
2
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Martin MillerCTOCommented:
Comment from  Cliff  is also additional path to add to my previous one about SSL Certificate...
0
Tom SkowyrskiAuthor Commented:
https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
The sites in question are https://www.business.hsbc.co.uk and Office 365 https://login.microsoftonline.com. They definitely have https when warning comes on. IE does not use SSL (I believe Microsoft turned it off with one of the updates recently). IE had TLS 1.0, 1.1, 1.2 selected so I only left 1.1, 1.2 selected (as suggested on https://www.experts-exchange.com/questions/29089683/Insecure-connection-warning-in-Internet-Explorer-and-Chrome-for-https.html). However, I did not do that for Chrome or Firefox.
Just to let you know - the weirdest thing is that it is quite random - it may work one minute and next half an hour when you try it does not.
I also changed DNS server on the computers to OpenDNS and Google DNS and flushed DNS.
1
arnoldCommented:
disable the windows network connection check on a sample of systems to see whether those system where this check is
using group policy explorer on a local system or use a GPO for a sample of the system,
computer configuration, policy, administrative templates\system\internet communication management\internet communication settings
enable the policy "turn off microsoft network connectivity status indicator

the issue you might experience every so often the MS NCSI  test appears not to pass, the yellow connectivity triangle appears on the network interface, and then it reconnects...

Eliminating this test, may help exclude this as an issue, and potentially identify where ...

Double check whether your system is going through a proxy......
0
Cliff GaliherCommented:
I think you misunderstood me. Yes Microsoft (and every other major browser( has disabled SSL and TLS 1.0 support in their browsers. But there are still old sites that have been configured with these insecure protocols and some also have old SHA-1 certifictlates, etc.

If you visit such a site with an up to date browser, you'd  me using https, but https alone is no guarantee that the site is secure. And since SSL and TLS 1.0 have been disabled in the browser, when the site attempts to negotiate its encryption, the browser properly throws an error such as what you describe.

That's what sounds like is happening right now. Either directly or indirectly, such as when a firewall supports HTTPS inspection. It does so by acting as a man-in-the-middle, with its own trusted cert. But if it is an old firewall and hasn't been kept up to date, what it presents to the browser may in fact be insecure.

Ive also seen malware install itself as a service to act as a MitM for such purposes.  Point being the browsers... Since there is more than one doing this are likely accurately reporting an insecure destination. The browser is likely not the problem. But is instead the traffic it is receiving.
1
Tom SkowyrskiAuthor Commented:
I am suspecting our router Cisco RV215W (with latest firmware) and BT fibre optic broadband. Had problems like that before on fibre optic from a BT's sister company PlusNet. WAN port on that Cisco router does not allow to specify custom DNS but the ISP's DNS is used. On PlusNet connection we noticed Office 365 certificate pointing to non-Microsoft website. Speaking to Cisco and PlusNet supports did not help to resolve the issue, however, bypassing router's DNS and ISP DNS by specifying it on the computers to be OpenDNS and Google DNS.
I wonder if it is the same problem on this network, but what is weird is that we did not have problems in the past and it just started recently - maybe last two months with last two weeks really annoying to users.
0
Tom SkowyrskiAuthor Commented:
My last comment above would support Cliff's advice - being re-directed so insecure site.
0
JohnBusiness Consultant (Owner)Commented:
We have this router at clients with no issue and I have similar in my home Office with no issue
0
Tom SkowyrskiAuthor Commented:
I agree with you John. I have few sites with that router and no problem. However, I have another two sites with BT/PlusNet broadband and that router and we have problems. It does not make sense but this is real pain.
0
Tom SkowyrskiAuthor Commented:
Users confirmed that changing DNS to bypass router worked. As I mentioned before - there is something quite not right when Cisco Rv215W is on BT or PlusNet broadband in UK (Cisco confirmed that on Fibre Optic connections WAN's DNS cannot be set and settings are acquired from ISP).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.