I’m not specialized in security, can someone explain what are the implications of the below messages?
Firefox: This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1.
Chrome, Android This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.
Chrome, desktop This site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.
It’s Google jumping the gun on a potential future security issue. Sites with SHA1 certificates are currently still safe, google’s just trying to push them into making longterm recommended upgrades.
Like others, I disagree with The way Google has chosen to handle this, because I think it’s basically training users to ignore security warnings.
Report it to support@smartthings.com. It’s their issue, really, and they can make the easiest fix by getting a new cert that expires 12/31/2015 (no error message will be displayed then) while they figure out how they want to handle it long term. That should be a free change from their cert provider.
@mager who at smartthings owns the developer portion of the website? Any user, including regular customers, smartapp developers, and journalists, who use chrome or Firefox are going to get a message that the smartthings IDE is not fully secure. Given the recent wink outage, this is not going to be a good idea.