 

Can a page detect when user has loaded it insecurely

Tags: javascript, ssl

Is there any way on an HTTPS page to detect (via JavaScript) whether the user has loaded the page despite SSL certificate problems?

Normally browsers make users click through several exception warnings and turn the address bar red, but in some contexts users may ignore this, and as an author of an application, I'd like to place additional in-application warnings to warn users against doing this. It would also be useful to be able to log such events.

asked Aug 01 '14 13:08

Fabio Beltramini


3 Answers

The short answer is that you can't.

The reason for this is that if you could, it could raise some security issues.
The SSL validation is done by 3rd party components in the browsers and you don't have any way of "asking" the browser for the status.

For example, in Chrome:

The implementation itself is part of the browser code and not part of the V8 engine, which is the JavaScript engine used by Chrome.

So the answer is No, you can't tell if the connection is secured or not.

The only thing you can know with JavaScript is the protocol and not more than that.

answered Oct 30 '22 05:10

CodeWizard


The JavaScript in your browser doesn't have a function to do this. You need to use another language to get it.

Alternative 1 :

You can use an Ajax request to get SSL info, with an external API like How's My SSL? or with your own PHP page with a JSON response.

Alternative 2 :

Or you can print SSL info (last link) with PHP in your page, in a JS variable.

See :

  • Can "Show Insecure Content" Browser Prompt Be Detected?
  • How's My SSL?
  • How to get SSL certificate info with CURL in PHP?
  • Firefox has SSleuth addon (javascript) that ranks an established SSL/TLS connection to estimate the connection strength. It also gives a brief summary of the important SSL/TLS connection parameters.
answered Oct 30 '22 04:10

Sky Voyager
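
The Ajax approach from Alternative 1 above, sketched as an added example that is not part of any of the original answers: it fetches a How's My SSL report and turns it into findings for an in-app warning or a log entry. The endpoint URL and field names are assumed from that service's JSON API, `SAMPLE_REPORT` and the function names are constructed for illustration, and such a report describes the client's TLS configuration, not whether a certificate warning was clicked through.

```javascript
// Added example, not from the original answers. Field names assume the JSON
// returned by How's My SSL's /a/check endpoint; SAMPLE_REPORT is constructed.
const HOWSMYSSL_URL = "https://www.howsmyssl.com/a/check";

const SAMPLE_REPORT = {
  tls_version: "TLS 1.0",
  rating: "Bad",
  tls_compression_supported: false,
  beast_vuln: true,
  insecure_cipher_suites: {
    TLS_RSA_WITH_RC4_128_SHA: ["uses RC4 which has insecure biases in its output"],
  },
};

// Turn a report into findings suitable for an in-app banner or a log entry.
function assessTlsReport(report) {
  const findings = [];
  const m = /^TLS (\d+)\.(\d+)$/.exec(report.tls_version || "");
  if (!m) {
    // Anything that is not "TLS x.y" (missing field, SSL 3.0, ...) is flagged.
    findings.push(`unrecognised protocol version: ${report.tls_version}`);
  } else if (Number(m[1]) === 1 && Number(m[2]) < 2) {
    findings.push(`outdated protocol version: ${report.tls_version}`);
  }
  if (report.tls_compression_supported) findings.push("TLS compression enabled");
  if (report.beast_vuln) findings.push("client vulnerable to BEAST");
  for (const [suite, reasons] of Object.entries(report.insecure_cipher_suites || {})) {
    findings.push(`insecure cipher suite ${suite}: ${reasons.join("; ")}`);
  }
  return {
    rating: report.rating || "unknown",
    warn: findings.length > 0 || report.rating === "Bad",
    findings,
  };
}

// Browser-side use: fetch the report, then assess it.
// fetchImpl is injectable so the function can be exercised without a network.
async function checkClientTls(fetchImpl = fetch) {
  const res = await fetchImpl(HOWSMYSSL_URL);
  if (!res.ok) throw new Error(`TLS check failed: HTTP ${res.status}`);
  return assessTlsReport(await res.json());
}
```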


Have you considered using online tools that analyze a site and provide a status? Something like https://www.jitbit.com/sslcheck/ might work.

answered Oct 30 '22 04:10

ArcSine