Don't be surprised if you visit "liftmaster.com" which redirects to "https://liftmaster.com" and you do not get a SSL padlock in your browser. We noticed recently that Chrome and Firefox have now implemented the long stated policy of not accepting as secure any website using SHA-1 if the SSL certificate expires after 2015. Liftmaster is using SSA-1 which is being deprecated and their SSL certificate expires in 2017. This certificate was issued 07/2014 after it was well documented that SHA-256 needed to be used! Come on guys it is time to get with the program. (We know you are following us so hope this helps you update your site). This should be easily corrected when Liftmaster reissues their SSL certificate with SHA-256 which is the current standard. The dealer portal for Liftmaster (dealer.liftmaster.com) uses a lower standard certificate protocol at the moment and should be updated as well. It should be noted that this is not a problem for chamberlain.com as it does not use SSL and in fact https://www.chamberlain.com redirects to http://www.chamberlain.com. Chamberlain is the parent company of Liftmaster. Communications are encrypted even if the site uses SHA-1 but per Google Chrome - "The site is using outdated security settings that may prevent future versions of Chrome from being able to securely access it".Firefox reports - "The connection to this website is not completely secure .. because the encryption is not strong enough". SSLlabs.com reports the signature algorithm is weak.and overall grade is "C". Garage Door Co Repair Pros strongly advocates the use of strong SSL with perfect forward secrecy (PFS). Our domains (ie: "https://www.gdcorp.com") have been using SHA-256 and PFS for quite some time. In fact we renewed our previous SHA-256 cert in January 2015. Our servers get an "A" rating from SSLlabs.com

Comments

gdcorp Tue, 06/09/2015 - 06:14

Liftmaster website has been updated and is now secure with SHA-256 and PFS.