HomeGadgets & AppsOlder Android phone just dodged a big web browsing problem

Older Android phone just dodged a big web browsing problem

Your older Android device will still be able to browse websites next year after Let’s Encrypt came up with a way for these devices to be able to visit sites that use its certificates after September 2021.

As many as a third of existing Android smartphones were set to see error messages from websites secured by the certificate authority, but the non-profit now has a workaround for the issue.

On September 1, 2021, millions of Android phones running 2016’s Android 7.1 Nougat or earlier would no longer be able to connect with websites using Secure-Socket Layer (SSL)/Transport Layer Security (TLS) certificates from Let’s Encrypt.

The key problem was that Let’s Encrypt’s original root certificate relied on a cross-signature from the certificate authority IdenTrust, which issued the “DST Root X3” which is set to expire on September 1, 2021.

Let’s Encrypt now has its own root certificate, ISRG Root X1, but there has been concern because Android versions prior to 7.1.1 don’t trust Let’s Encrypt’s ISRG Root X1. And because there are so many Android devices running versions prior to this, the situation could have translated into a lot less access to websites that rely on Let’s Encrypt’s digital certificates to provide HTTPS connections.

According to Let’s Encrypt, IdenTrust has now issued a three-year cross-sign agreement for its ISRG Root X1 from IdentTrust’s DST Root CA X3. The move should buy sufficient time for people to replace these older Android devices that will then become a less significant source of web traffic.

The new cross-sign extends beyond the expiration of DST Root CA X3. The workaround should function for Android because the Android does not enforce the expiration dates of certificates used as trust anchors.

“We will be able to provide subscribers with a chain which contains both ISRG Root X1 and DST Root CA X3, ensuring uninterrupted service to all users and avoiding the potential breakage we have been concerned about,” Let’s Encrypt states.

“We will not be performing our previously-planned chain switch on January 11th, 2021. Instead, we will be switching to provide this new chain by default in late January or early February. The transition should have no impact on Let’s Encrypt subscribers, much like our switch to our R3 intermediate earlier this month.”

Let’s Encrypt explains that its self-signed certificate which represents the DST Root CA X3 keypair is still expiring, but browser and OS root stores contain “trust anchors”, and Android is designed to ignore the anchor that defines a date after which it should not be trusted.

By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS