Replies

Sorry, we’re having a problem with google and firefox erroneously reporting our secure server as “not secure.” It is secure.

Here’s a copy of a post I made a couple days ago explaining the issue:

It’s a fake message by Google. Or misleading anyway. Our industry standard SHA-1 security certificate is paid-up, enforce and still valid and our secure server is still encrypting our donations just as securely as it always has for the last 15 or so years that we’ve been running it. Google, and now Firefox following their lead, has decided to deprecate their support for SHA-1 in favor of SHA-2 encryption. Apparently, they employed some supercomputers and after two years and millions and millions of attempts, finally managed to force through a suspicious encryption on SHA-1.

Announcing the first SHA1 collision

February 23, 2017

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

But, other than that, our SHA-1 server is still valid and still secure.

That said, John will be upgrading to the new SHA-2 method, but there are some tricky systems level issues that he has to work out first. He was hoping to get it done before the 1st, but didn’t make it. Hopefully it’ll be done soon.

In the meantime, you can click on the “ADVANCED” link at the bottom of Google’s erroneous, misleading “not secure” message and continue to our secure server anyway, if you wish. Or if you’re on Windows 10, try opening our secure server donate link with the default Windows 10 browser, Edge, which still works perfectly fine without the erroneous message.

Thank you very much,

Jim