---

@Ren wrote:

Does it say "Not Secure" in the address bar (to the left of the hub address) when you use http://192.168.1.1 ?

---

Mine does - and has for a loooong time - I disregard it.

I know. I was replying to  @Ian06, who said "I get the same issue if I deliberately access my router explicitly as https://192.168.1.1"

@Ren  - I use chrome and using http I do get a warning symbol before the address bar to say the connection is not secure. when I use https I get a warning page telling me the connection is not secure.

When I access the router with https://168 etc... I get this

My router does allow me to install a certificate for https but I don't access it over the internet, only over my local network so I haven't bothered to work out how to generate and install a certificate.

@Ren 

Panic not!

This is a false positive that's been highlighted by browser updates. 192.168.1.xxx is a dedicated local IP address range that is confined to your local network, it is never transmitted into the wild outside world, where encryption is increasingly recommended. Consequently, there is no need for the address to be encrypted. No doubt some-one will identify a router that requires accessing over an encrypted https link, but after using many different makes of router, I have never come across one.

Unfortunately browsers flag up this warning as they seem unable to tell between an internal and external IP address.

@Ren 

If it is really causing you concern then I suggest you research "privacy and security' settings for your preferred browser

There you should find settings regarding http and https preferences

chrome://settings/security look for "secure connections"

The Hub Two will allow an HTTPS connection however, as has been pointed out, it will cause the web browser to throw an alarmist warning. This is because the Hub Manager is using a self-signed certificate that is not validated by a certificate authority (intentional - there are costs/complexities with serving a 'proper' certificate).

Your web browser will not present a warning if you explicitly type the address as http://192.168.1.254 (note, no 's' in 'http') however, there will still be an address bar nag to tell you the site is insecure. Again, this is expected because the Hub Manager is being accessed over a non-encrypted HTTP connection.

Your hub is local to you so the transmitting of unencrypted information arguably isn't a huge issue. The only people that could see the information being passed backwards and forwards are others on your local network - and if you've people connected to your network who shouldn't be there - then I'd say you've bigger things to worry about 😉

If your local network is only accessed by people you trust, and you're confident in keeping it that way, then use http://

If there are people you don't completely trust on your network, or you want to remove any (extremely slim) possibility of somebody else on your network 'sniffing' things like your hub admin password, then use https:// and accept the big browser warning by clicking the options to accept and proceed. The address bar will still moan about the lack of certificate validation but the connection between your device and the Hub Manager will be encrypted and therefore can't be snooped on.

None of this is new behaviour and it's the way the Hub Two has behaved since inception.

Same as it ever was.

Perhaps firefox tries to redirect http to https?

(Because my stored link for my local access to the 'router' is...

http://192.168)

Perhaps more than one browser is now 'defaulting' to trying to use https? (But some don't)

@grumble No browser 'tries to force HTTPS although there is a setting (in FF at least) where you can set it to do so, but you must explicitly set it -it is not on by default.

More intresting would be how your router is seen from outside your network............ 

You are correct. It would be a server-side redirect. My brain slipped out of gear and into neutral.