
Safari changes URL from HTTP (which I typed and want) to HTTPS.

I'm having a problem with Safari changing my address from http to https. It then refuses to load the site because it "can't establish a secure connection". I don't need or want a secure connection. I only have this problem with one particular site. I carefully type http in the URL but Safari history shows that it attempted to go to https.


How can I get Safari to stop trying to make a secure connection to this website? Note that I can access this website normally using my iPhone.


MacBook Pro, OSX 10.8.5, Safari 6.2.6


Thanks,

Ron

MacBook Pro with Retina display, OS X Mountain Lion (10.8.5), Safari 6.2.6

Posted on Jul 7, 2015 6:58 PM


Jul 7, 2015 8:23 PM in response to RonE321

Back up all data.

Launch the Keychain Access application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

From the Category list in the lower left corner of the window, select My Certificates. In the list of certificates on the right, there may be one or more that have a name that begins with "Go Daddy". Export each such certificate by dragging it to the Desktop, then delete it from the keychain. If there are any certificates marked with a red "X" as expired or invalid, regardless of name, delete them without exporting.

Next, select Certificates from the Category list. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled "Secure Sockets Layer (SSL)", select "no value specified".

Close the inspection window. You'll be prompted for your administrator password to update the settings.

Now open the same inspection window again, and select "When using this certificate: Use System Defaults".

Save the change in the same way as before.

Revert all the certificates with non-default trust settings. Never again change any of those settings.

Again, delete all expired or invalid certificates.

Test. If all is now well, back up again, then delete the certificates you exported to the Desktop.

Jul 8, 2015 7:09 PM in response to Linc Davis

Linc,

Thanks for the detailed response. I carefully followed your instructions this evening and here's what I found:


I backed up the computer using both Time Machine and SuperDuper!


I launched the Keychain Access application


Your next instruction was "From the Category list in the lower left corner of the window, select My Certificates".

When I look at the menus on the left side of the screen it shows a list titled "Keychain" to select from near the top and then below that a list called "Category". From your instruction I was unsure which item I should select under the "Keychain" list. I tried all combinations of Keychain with "My Certificates". There were no "Go Daddy" certificates shown in the list on the right side of the screen. Note that while trying all other combinations of Keychain and Category I found a total of two Go Daddy certificates and they were both listed in Keychain=System Roots / Category=Certificates. Note that this is Certificates and NOT My certificates.


Trying all combinations of Keychain and Category I did not find any certificates marked with a red X.


Trying all combinations of Keychain and Category I did not find any certificates marked with blue-and-white plus sign. All the icons have one of two identical appearances - one is gold colored, one is blue colored.


So I found nothing to move to the desktop or delete or change.


I did retry going to the problem website and got the same result as before.


Any other things I should be trying?


Thanks,

Ron

Jul 9, 2015 7:29 AM in response to Linc Davis

Thanks for the suggestion. I had previously tried just deleting the one Escapees.com cookie I found - that didn't help. Today I deleted all cookies - same problem as originally noted in my first post.


I do note that even though I fail to get on the website Escapees does manage to put a cookie on my computer. I went through the process of deleting all cookies, verifying that the cookies had been deleted, trying to get on the target website, noting the same error message, went back to look at the cookie list in preferences, and found an Escapees cookie - I repeated this test twice with the same results.


Any other ideas?


Thanks,

Ron

Jul 9, 2015 11:22 AM in response to Linc Davis

Linc,


I have tried it some time ago on a public WiFi and had the same problem. Also, I have an acquaintance that is using the same version of OSX and Safari on a Mac Pro and she is having the same problem I am.


Also, I tried getting on that website with my iPhone using Safari. At first it gave me a message regarding a certificate problem and asked me if I wanted to connect in spite of the problem - I clicked that I wanted to connect - it came back and made me type in my iPhone passcode and then connected me to the site. It connected with an https secure connection. The next time I tried connecting to the website with the iPhone it connected right away.


I've been discussing this issue on the Escapees member's Forum for the past 2 or 3 days. If you have the time you might want to review this thread for additional clues. I can get on this forum with no problems but it goes to a totally different URL than the main Escapees website.


http://www.rvnetwork.com/index.php?showtopic=118823


I'm starting to think it's a problem with their website that my computer and software is more sensitive to than PCs running IE, PCs and Macs running FireFox, and Macs running newer versions of the OS and Safari. But even the guy running IE on a PC gets error messages that he attributes to problems on the website - but he does get past them and get connected with an http connection regardless whether he types https or http in the URL.


The website administrator (Travis in the thread) just claims that their recently updated compliance with new PCI criterion might be causing problems with older browsers. That argument is probably bogus since I know that the guy running IE on a PC always runs the latest/greatest versions of S/W.


I'm starting to think that there is just something in the design of my versions of the OS and/or Safari that won't give me the option of allowing connection to a website with a bum certificate even if I want to. On the other hand I can remember times when it has given me that option in the past on other websites so perhaps this particular flavor of problem is taking a different route through the s/w that never offers me the option to go ahead and connect.


Would appreciate your thoughts on this and any other suggestions you might have. Thanks for all the help.


Ron

Jul 20, 2015 4:40 PM in response to RonE321

I now know why I'm having trouble getting on the Escapees website. The “executive summary” is that the version of the Safari browser I’m using is not designed to support the encryption standards supported by the Escapees web server.


If anyone’s interested in the gory details continue reading.


I’m the sort of person that likes to understand the root cause of a problem rather than just bypass it somehow and get on with things. So I spent some time troubleshooting and understanding why I’m having this problem getting my Safari browser to connect to the Escapees website.


Starting with “first principles”:

The ONLY website I am having a problem with is Escapees.

Escapees has recently “overhauled” their website.

Before this overhaul I had no problems getting on the Escapees website.


Ergo, some change to the website left it incompatible with OSX/Safari. This actually was the right conclusion - but, what exactly was it that changed to cause the incompatibility, what is it about the Safari browser I’m using that is incompatible with this single website, and why are some others on this forum reporting that they are still able to use OSX/Safari without problems? Another member of the forum reported privately to me that she is using the same versions of OSX and Safari I’m using and has the same problem I'm having. This gave me some confidence that it wasn’t just some software or hardware “defect” with my particular system.


I discovered that the new website redirects all connections to be secure (i.e., https, encrypted). Prior to the overhaul I always communicated with the website using http. I've since learned that quite a few websites are now doing this (e.g., Wikipedia).


Use of https involves the use of “certificates” and certificates are known to cause problems if they aren’t properly dated, installed, approved, validated, etc.


So I spent quite a bit of time researching if my computer might have a problem with the certificate used by the website. This led to a discussion on the Apple Support Community forum where Linc had me try several experiments and possible fixes. The good news was I learned some new things about my computer and networking – the bad news is we were unable to solve the problem. In the end he advised I either upgrade my OS and Safari or use Firefox in place of Safari. He concluded that my version of Safari could not support this website and I can’t upgrade Safari unless I first update my OS to the latest version. I’m reluctant to upgrade my OS because there are still quite a few folks complaining about problems with the newest OS and I’d rather not do the upgrade and then find out I’ve fixed this problem in exchange for a few new ones.


At this point I was still thinking it had something to do with the certificates. I found a way to determine what company issued/signed the Escapees certificate and also look at the content of the certificate. There are several companies that provide this service – the Escapees certificate was provided by “Go Daddy”. I called the 24/7 support line at Go Daddy and explained the problem I was having. The help-line tech tried to get onto the Escapees website and had no problem. Then he tried it with his own personal Mac computer (rather than the company's computer) and experienced the same exact problem I was having. He then tried it on a co-worker’s non-company-owned computer and again had the same problem. He was quite surprised but had no explanation other than there might be some problem with the way the certificate was installed or configured on the host server. He said this is a problem that would have to be addressed by the Escapees' server administration techs.


I felt like I’d gone full circle and aside from learning a few things hadn’t made any progress in actually understanding or resolving the problem.


Earlier the Escapees website administrator reported: The problem is that in order to meet PCI compliance, the computer the store runs on cannot allow connections by SSL or TLS 1.0. PCI is an internet standard and the change appears to be fairly recent because we have not had this problem in the past.


Browsers that connect by using SSL or TLS 1.0 will be rejected. This has affected mostly Safari users but any browser not configured to connect using TLS 1.1 or 1.2 will not be able to connect.


Due to having to be PCI compliant, there is no workaround. The end user must be using a browser that is compatible. It is not a problem we can "fix" on our end other than moving the store to another computer. Even then the store computer would still have to be PCI compliant.


While I didn’t doubt what he was saying it just seemed extremely unlikely that my bank, credit card companies, brokerage, and the several other websites I frequent wouldn’t have also made this change, and rendered my browser incompatible. If indeed the PCI DSS (Payment Card Industry Data Security Standard) was mandating this why wouldn't ANY of these other companies have made the change? PCI makes these mandates to avoid known security issues and I assumed those other companies would be at least as interested in providing the latest in security as is the Escapees store – those big companies each have an "army" of IT folks and they have a lot more to lose!


I decided to try to understand more about PCI and the relevant encryption standards. That’s a science in itself. Here’s a very brief summary of what I “think I know”. “In the beginning” secure internet communications used a protocol/technique called “SSL” (Secure Sockets Layer). It is a standard way of encrypting the communication messages between the user’s computer (client) and the website's computer (server). The techniques used involve data “keys” - sort of like a pseudo random number that is used by an algorithm to convert open data messages into encrypted data messages. As computers became more powerful, and the security threats evolved, SSL was forced to evolve to make these encrypted messages more difficult to “crack”. The original SSL has evolved to TLS (Transport Layer Security) over time through the following versions: SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2.


TLS 1.0 was introduced in 1999 and is still widely used on the internet. TLS 1.1 (2006) and 1.2 (2008) came about in response to “man in the middle” and “BEAST” threats. Although these threats and the encryption upgrades to address them have been available for several years, nearly all websites still allow the use of TLS 1.0. Recently PCI has recommended (mandated?) that all new website implementations allow the use of ONLY TLS 1.1 and 1.2 and furthermore they must stop using any version of SSL and TLS 1.0 (and perhaps even TLS 1.1) by June 30, 2016. Since PCI audits of a secure website must meet this requirement after June 30, 2016 I expect that all of those secure websites I use will stop supporting TLS 1.0 sometime over the next year.


I found a software tool that allowed me to test any website to determine which encryption standards it allowed and which ones it does not allow. I found that all the secure websites I use still support TLS 1.0 except for the Escapees website which only supports TLS 1.1 and 1.2. Further research indicated that the version of Safari I’m using supports TLS 1.0 but not TLS 1.1 or TLS 1.2. Newer versions of Safari do support TLS 1.1 and TLS 1.2.


Other folks that are using any one of several popular web browsers that are not the latest version might well run into this same problem. This website has a comprehensive list of browsers vs. encryption standards supported that might be of interest. The table also shows the vulnerability of those browsers to various threats.


For the time being I’ve downloaded the latest version of Firefox for Mac. It is compatible with the Escapees website so I’ll use it just for that. Before too long I’ll probably update my OS and Safari.
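The version mismatch described in the last post, as an added example that is not part of the original thread: a client whose highest protocol is TLS 1.0 sends a ClientHello to a server that accepts only TLS 1.1 and 1.2, and gets a fatal `protocol_version` alert instead of a ServerHello. The server here is a simulation, the ClientHello bytes are constructed, and all function names are hypothetical.

```python
import struct

# Wire values of the protocol versions named in the thread.
VERSIONS = {"SSL 3.0": 0x0300, "TLS 1.0": 0x0301, "TLS 1.1": 0x0302, "TLS 1.2": 0x0303}
NAMES = {v: k for k, v in VERSIONS.items()}
HANDSHAKE, ALERT = 22, 21          # TLS record content types
FATAL, PROTOCOL_VERSION = 2, 70    # alert level and description (RFC 5246)

def client_hello(max_version):
    """Build a minimal ClientHello record advertising the client's highest version."""
    ver = VERSIONS[max_version]
    body = struct.pack("!H", ver) + bytes(32)   # client_version + random (zeroed, constructed)
    body += b"\x00"                             # empty session_id
    body += struct.pack("!HH", 2, 0x002F)       # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                         # compression methods: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, min(ver, 0x0301), len(hs)) + hs

def server_reply(record, min_version, max_version):
    """Simulated server policy: pick min(client max, server max) or refuse."""
    ctype, _, length = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + length]
    if ctype != HANDSHAKE or len(hs) < 6 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    (client_ver,) = struct.unpack("!H", hs[4:6])
    chosen = min(client_ver, VERSIONS[max_version])
    if chosen < VERSIONS[min_version]:
        # No version in common: fatal alert, after which the connection is closed.
        return struct.pack("!BHHBB", ALERT, client_ver, 2, FATAL, PROTOCOL_VERSION)
    # Only the start of a ServerHello is modelled: type 2, length, server_version.
    hs_out = b"\x02" + (2).to_bytes(3, "big") + struct.pack("!H", chosen)
    return struct.pack("!BHH", HANDSHAKE, chosen, len(hs_out)) + hs_out

def outcome(reply):
    """Decode the server's first record into a human-readable result."""
    if reply[0] == ALERT:
        return f"refused: alert level={reply[5]} description={reply[6]}"
    (ver,) = struct.unpack("!H", reply[9:11])
    return f"negotiated {NAMES[ver]}"

def negotiate(client_max, server_min, server_max):
    """Run one simulated handshake attempt end to end."""
    return outcome(server_reply(client_hello(client_max), server_min, server_max))

if __name__ == "__main__":
    print("TLS 1.0-only client:", negotiate("TLS 1.0", "TLS 1.1", "TLS 1.2"))
    print("TLS 1.2 client:     ", negotiate("TLS 1.2", "TLS 1.1", "TLS 1.2"))
```

The refusal happens before any certificate is sent, so the browser has no certificate warning to offer a click-through on; it can only report that no secure connection could be established.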
