About the UI displaying "Connection is encrypted"

Whether a website is secure depends on at least three basic elements: HTTPS encryption, WAF protection, and trusted identity validation. All three are indispensable. That is why ZT Browser innovatively displays four security-related icons: in addition to the security padlock and the SM2 encryption icon, it shows a WAF protection icon and a website trusted identity validation level icon. Please refer to the innovation UI Icon Summary of ZT Browser for details.

ZT Browser is developed based on the open-source Chromium, whose default security padlock UI displays "Connection is secure". We think this is inaccurate. A website that deploys an SSL certificate and implements HTTPS encryption is not thereby secure; it only means that the connection from the browser to the server is encrypted. We therefore changed this text to "Connection is encrypted".


We also changed the "Security" display to show the Website Security Rating and rating level, which includes the SSL security test, because a website with an incorrectly deployed SSL certificate is still not secure. During the HTTPS handshake with the web server, ZT Browser learns all the deployment information of the SSL certificate, so the rating level is displayed after the padlock. This lets website visitors see the SSL certificate deployment status, and in particular lets the website administrator check it after completing the SSL certificate deployment and fix problems in time. Please refer to the “ZoTrus Website Security Test Rating Service Rating Guide” for details.

The first element of website security is HTTPS encryption, which ensures that information transmitted from the browser to the server is encrypted, so that confidential information does not leak in transit, effectively preventing illegal stealing and illegal tampering. This is the basic requirement: without HTTPS encryption, all browsers display "Not secure", which is correct and accurate.

The second element of website security is WAF protection, which is also indispensable. A WAF can effectively prevent various attacks, and prevent illegal stealing and illegal tampering after the information has reached the server from the browser. HTTPS encryption guarantees that confidential information reaches the server securely; once the information arrives at the server, preventing attacks can only be done by the Web Application Firewall. Without WAF protection, HTTPS encryption is also meaningless; this point is very important. HTTPS encryption and WAF protection each have their own duty, and each covers its own segment.


The third element of website security is trusted identity validation of the website. A fake bank website may also have HTTPS encryption, so the browser also shows the security padlock, and it may also have WAF protection. However, none of this proves that the fake bank website is secure! Trusted identity validation is therefore the third important factor of website security, as important as HTTPS encryption and WAF protection. The simplest way to provide it is to deploy an IV SSL, OV SSL, or EV SSL certificate, for which the website identity has been validated.

It is recommended to choose the ZoTrus HTTPS automation management solution, which requires no applying for an SSL certificate from a CA, no installing an SSL certificate on the web server, and no installing ACME client software on the web server, and which implements HTTPS encryption and WAF protection fully automatically. Since the validity period of SSL certificates will be shortened to 47 days, the traditional approach of manually applying for and deploying SSL certificates cannot meet the needs of the many website systems that must deploy them; SSL certificate management must be automated. In particular, critical information infrastructure systems that need SM2 algorithm HTTPS encryption require a solution with zero transformation of the original web server that does not affect the normal operation of the existing business system. The ZoTrus solution automatically deploys not only the RSA/ECC SSL certificate but also the SM2 SSL certificate, providing automatic management of dual-algorithm SSL certificates. ZT Browser preferentially uses the SM2 algorithm for HTTPS encryption, and other browsers that do not support the SM2 algorithm use the ECC algorithm.
