I get this too. Console report: Obsolete Connection Settings The connection to this site uses an obsolete protocol (TLS 1.1), an obsolete key exchange (RSA), and an obsolete cipher (AES_128_CBC with HMAC-SHA1). Overview Main Origin Reload to view details boot.js Failed to load resource: the server responded with a status of 403 (Forbidden) https://mail2.virginmedia.com/appsuite/v=7.6.2-48.20161107.142237/apps/themes/default/favicon.ico Failed to load resource: the server responded with a status of 403 (Forbidden) Taken from chrome, I get the 'Forbidden' error using Firefox.
“GOOGLE CHROME 56 has begun rolling out across Windows, Mac and Linux.The latest version of the world's most used browser brings with it a number of new security features and bug fixes.
Top of the list is that this is the first stable version of Chrome to be 100 per cent HTML5 by default for all users, meaning if there's an option not to use nasty plugins, it will take it. Chrome already blocks Flash content, but this gives the full enchilada to HTML5, a symbolic milestone in the interwebs history.
Chrome 55 brought in the HTML5 first rules but only for a small number of test users.
Also new is a clearer labelling of unencrypted HTTP sites, promised for some time as the company continues its crusade to make the web as HTTPS as possible. Anything that collects data but isn't secure will now be marked clearly in the address bar.
Chrome will also comment if it detects that you are using outdated security controls – even if it continues to support them (such as TLS 1.1).
For example – From the Chromium TLS Archives -
“Deprecation of TLS Features/Algorithms in ChromeSHA-1 Certificate Signatures
You may see the following messages when you click on a yellow/red lock icon in Chrome:
"This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private."
"The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it."
This means that the certificate chain for the current page is contains a certificate using a SHA-1-based signature, which is outdated and deprecated in Chrome. There are two criteria that determine which lock icon is shown in Chrome:
the expiration date of the leaf certificate and
whether there is a SHA-1-based signature in the certificate chain (leaf certificate OR intermediate certificate).
Note that the expiration dates of the intermediate certificate do not matter. Also, SHA-1-based signatures for root certificates are not a problem because Chrome trusts them by their identity, rather than by the signature of their hash. Starting in Chrome 42, the following logic applies:
If a leaf certificate expires in 2016 and the chain contains a SHA-1 signature, the page will be marked as "secure, but with minor errors" (yellow icon).
If a leaf certificate expires in 2017 or later and the chain contains a SHA-1 signature, the page will be treated as "affirmatively insecure" (red icon).”
So, the security warnings you are seeing are intended to persuade site owners to upgrade in respect of the above, and also to move forward from, say, TLS 1.1 to 1.2 etc.
Given the recent problems with maintenance of the VM mail platform, I am loath to suggest that the VM email support team should embark upon a major security software upgrade tomorrow! Their track record does not inspire confidence.
Regarding your 403 error, I suggest that is probably down to a mismatch between your cookie data and the VM website. Suggest you clear out ALL VM cookies from your browser, close down the whole browser and then try again. (I just counted the number of VM cookies in my browser - 34 – and that’s just a week since I last cleared it).
Thank you for your explanation BillC45. I am indeed using chrome 56 and I guess that chrome is refusing to establish a connection for the reason you state. Firefox ~(ver. 51) is now working again without intervention from me, for how long; who knows. I'll take advantage while I can.
Forgot to say - for the record, my Chrome was upgraded to 56.0.2924.87 on 01/02/2017 @ 09:37. (according to the timestamp on the relevant Google Chrome folder in Program Files (x86)). I hope it doesn't generate a flood of "I haven't changed anything" posts!