English

Problems with some sites

I keep getting the following message when I try to access websites… “Couldn’t establish a secure connection”. Can you tell me why this is and how to solve it. I even got it on my Fairphone 1 when I attempted to access the Fairphone forum. It is very annoying.

Also, how do I change ownership of the phone I have been given? It still has the previous owner’s contact details.

Thanks.

Most likely the website problems occur because the FP1’s operating system (Fairphone OS 1.8.7 Kola Nut) is out of date and no longer regarded as secure enough. Unfortunately Fairphone had to stop working on a newer version (Fairphone OS 1.9.9 Macadamia), but an unfinished but usable version can be installed (and works well enough for myself):

If this is using the default browser, installing (and using) another one should also work. Fennec (f-droid) works well on my FP1, as did Firefox before that. Chrome and others may also work, but I haven’t tried.

3 Likes

I have tested Chrome and it works just as well (though I use Fennec as my everyday browser).

Just make sure that you do not use a browser that makes use of the built-in browsing engine. For example Lightning is such a browser, whereas Firefox and Chrome come with their own browsing engine.

Please open a new topic for this one. (Two questions per topic are discouraged.)

3 Likes

Thanks for replies. Firefox is installed and I use it. May try Fennec as people recommend it.

Just for information: the security errors you are seeing are coming from SSL/TLS encryption as used by “https://” web pages.

For a secured connection, you need an encryption protocol, and a certificate to make sure the web site you are connecting to is genuine. Encryption protocols are often updated.

Today, we mostly use the TLS 1.2 standard for encryption (and TLS 1.3 is upcoming but not yet widely supported). However the system library for secure connections in Android 4.2 does not support versions beyond TLS 1.0. As of 30 June this year, it is not allowed to use TLS 1.0 any more on web sites which process credit card information (https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls), and in general usage of TLS 1.0 is now discouraged. This is mainly a precaution as there are no ‘big’ vulnerabilities found yet that would require such a move.
Android 4.4 does support TLS 1.2 - so upgrading your FP1 to one of the beta 4.4 versions which can be found on this forum also fixes this part.

Certificates can become an issue in future. A certificate of a web site will be trusted, when it is signed by a certificate authority (CA) known by your phone (or browser, for browsers which implement their own certificate store). The so-called root certificates of these authorities, which are installed on your device, are typically valid for a limited time, and sometimes one may be revoked by the browser & OS vendors when a CA has been found to misbehave. Examples of the latter are Diginotar (2011) and WoSign/Startcom (2017).

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.