Find out what resources are not going over HTTPS

Question

I have an ASP.NET site which should transport completely over HTTPS. However, in Google Chrome I get a warning that the page includes resources which are not secure. How can

Answer 1

I just discovered same behaviour in chrome (firefox showed a green lock), even though all resources were loaded via https.

The reason in my case was that the server supported broken (google poodle) SSLv3.

Setting ssl_protocols to exclude SSLv2 in nginx.conf like so

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE

fixed the problem for me.

I consider it unfortunate that chrome doesn't make this reason more transparent. "this page loads some resources insecurely" is very misleading if not wrong.