What is Screwing Up Chrome This Morning?

Ricardo Jimenez wrote:

And now, Chrome can't handle www.nytimes.com !!
Thanks to those who have explained why. Could you make it simple? Is
the following correct? There is nothing I can do except use a
different browser. TIA

Not a problem for me. Says "Secure" and stays that way. Look at the
add-ons you installed. Could be one is modifying the page, like an ads
or tracking blocker (their purpose is to break web pages by not allowing
access to external resources). Disable all add-ons, exit the web browser
(and check there are no remnant instances in Task Manager's Processes
tab), and retest.

You might've changed settings for the web browser that make it no longer
functional with HTTPS web sites. One of your prior site mentions used
HTTPS (the other did not and why you got "Not Secure" because it was
just an HTTP page). Now this HTTPS site is listed as insecure. If it
is a setting in Google Chrome that is causing the problem, try a new
profile for Google Chrome.

https://www.google.com/search?q=goog...0new%20profile

If that doesn't help, reboot Windows but in its safe mode to eliminate
startup programs, like anti-virus that includes an HTTPS scan feature,
from possibly interferring with the web browser.

Ricardo Jimenez wrote:

As far as www.nytimes.com , it will come up sometimes as
http:/www.nytimes.com and at other times as https://www.nytimes.com In
the first case, there will be an insecure message in the address bar
and the site is unusable. Just adding the s in the address bar seems
to work for some sites but not for others like www.talkleft.com I
think that Chrome preventing http sites from working just started this
week, at least for Windows10.

Are you using the HTTPS-Everywhere addon? That uses a table of where to
switch from HTTP to HTTPS and they get that table wrong quite often.
That's why I quit using it: too flaky, too limited on scrop of web sites
where auto-switch to HTTPS is defined. After the 3rd time of having to
report to them errors in their algorithm or in their table, I decided to
dump the flaky addon.

On Tue, 12 Dec 2017 12:49:58 -0500, Ricardo Jimenez
wrote:

On Tue, 12 Dec 2017 12:28:20 -0500, Doomsdrzej wrote:

On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez
wrote:

And now, Chrome can't handle www.nytimes.com !!
Thanks to those who have explained why. Could you make it simple? Is
the following correct? There is nothing I can do except use a
different browser. TIA

What exactly does it do when you venture onto the site with Chrome?
Can you post a screenshot, per chance?

As far as www.nytimes.com , it will come up sometimes as
http:/www.nytimes.com and at other times as https://www.nytimes.com In
the first case, there will be an insecure message in the address bar
and the site is unusable. Just adding the s in the address bar seems
to work for some sites but not for others like www.talkleft.com I
think that Chrome preventing http sites from working just started this
week, at least for Windows10.

To me, it sounds like you're downloaded and installed some plug-in
which is malfunctioning. It forces you to use secure sites which is
obvious a good thing but rather useless for sites like the NY Times.
Are there any extensions installed per chance?

Ricardo Jimenez wrote:
On Tue, 12 Dec 2017 12:28:20 -0500, Doomsdrzej wrote:

On Tue, 12 Dec 2017 09:54:43 -0500, Ricardo Jimenez
wrote:

And now, Chrome can't handle www.nytimes.com !!
Thanks to those who have explained why. Could you make it simple? Is
the following correct? There is nothing I can do except use a
different browser. TIA
What exactly does it do when you venture onto the site with Chrome?
Can you post a screenshot, per chance?

As far as www.nytimes.com , it will come up sometimes as
http:/www.nytimes.com and at other times as https://www.nytimes.com In
the first case, there will be an insecure message in the address bar
and the site is unusable. Just adding the s in the address bar seems
to work for some sites but not for others like www.talkleft.com I
think that Chrome preventing http sites from working just started this
week, at least for Windows10.

Here are my test results. Your three URLs actually gives
a nice mix of results, so good choice on the test cases.

In the middle picture, if I hold the mouse over the
letter "i", a balloon appears with an explanation of
what is insecure (the images on the page).

https://s7.postimg.org/4pi7dg8jf/chrome_results.gif

*******

When Google makes a set of preferences for the crypto suite in Chrome...

Protocols
TLS 1.3 No --- probably experimental support
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Cipher Suites (in order of preference) Bits

TLS_GREASE_1A (0x1a1a) -
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112

Named Groups tls_grease_2a2a, x25519, secp256r1, secp384r1

it takes into consideration articles
like this one. If a web site didn't support Curve25519 for
https, then Chrome could always fall back to another scheme.
And it's kinds funny that ssllabs rates 3DES in the
table of suites as "weak" and it's the weakest one
Chrome will apparently use. 3DES is 112 bits. At one
time, such a thing was considered "strong" but not any
more. There's too much hardware out there to brute
force things like this.

https://en.wikipedia.org/wiki/Curve25519

There really aren't enough crypto experts in the world.
Or, the ones that do exist, keep too low a profile.

Paul