Forum Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
WSH
Recognised Expert

‎11-12-2025 10h13 - edited ‎11-12-2025 10h14

639 Views
Message 11 of 19

Re: BT Hub Manager

A number of years ago, browser publishers started encouraging people to use HTTPS instead of HTTP.  The difference?  HTTPS is HTTP-Secure.  The reason it is “secure” is because it encrypts the traffic between your device and its destination, instead of leaving it as plain, readable text.  Browsers now pop up a message to warn users when the traffic is not encrypted, i.e. “not secure”.

While this might be useful for traffic travelling across the internet, where it could be intercepted and read, possibly even tampered with, it serves no purpose if the traffic is just between your device and the router within your own home.  (After all, you’re not going to hack yourself and no one from outside should be in there anyway).

The reason this change has been brought in, I suspect, is to calm peoples’ fears when their browser displays this message about “not secure” and they do not understand what it means.  Unfortunately, the way it’s been done seems to have achieved just the opposite.

Reply
WSH
Recognised Expert

on ‎12-12-2025 18h26

518 Views
Message 12 of 19

Re: BT Hub Manager

Just a further clarification of this.

I’ve just received this firmware update myself, so I can now see what they’ve done.

As I said above, the switch to HTTPS is to encrypt the connection, as that is becoming the standard across the internet, so browsers flag the use of the older HTTP as “not secure” etc.  However, it’s a little more complicated than this.

The encryption is done using a key supplied by the website you are trying to connect to.  It’s supplied in a “certificate”.  This is not a certificate in the paper sense but more akin to ‘certifying’ that the website you are connecting to is genuine.  The certificates are provided by a third party that confirms the identity of the company it issues the certificate to.  These “Certificate Authorities” charge the company for this service.

As a cheaper alternative an encryption key can be supplied for HTTPS using a “self-signed certificate”.  The problem is that these are not verified by a third-party Certificate Authority and so the site you are connecting to might not be genuine.  For this reason, browsers will still flag these as potentially “not secure”.

As I said before, the fact that you are connecting to your own router, in your own home means you know it is genuine and, as you are not going to hack yourself, even the encryption is not really necessary, it’s just becoming the standard browsers use to establish a connection today.

I hope that helps calm any worries.

Reply
licquorice
Distinguished Sage
Distinguished Sage

on ‎12-12-2025 18h42

509 Views
Message 13 of 19

Re: BT Hub Manager

Yes, a self signed certificate was not the best idea but obviously in view of the number of hubs and no risk I can see why it was done. 

It could have been handled somewhat better though.

Reply
gg30340
Distinguished Sage
Distinguished Sage

on ‎12-12-2025 22h00

470 Views
Message 14 of 19

Re: BT Hub Manager

I have no idea how long this web page has been available but it is what comes up if you follow the link on the BT Hub Manager Redirect page.  "⚠ You might see a browser certificate warning - what do I do?

Security warning when accessing the Hub Manager | BT Help

Reply
WSH
Recognised Expert

‎12-12-2025 22h03 - edited ‎12-12-2025 22h04

466 Views
Message 15 of 19

Re: BT Hub Manager

Oh, good to know I'm not just making it up as I go along then!

0 Ratings
Reply
chrisjp
Recognised Expert

on ‎12-12-2025 22h13

458 Views
Message 16 of 19

Re: BT Hub Manager

Despite the BT assurances that warnings on your browser can safely be ignored, there is no explanation of why this move to hpps is needed.
The communication is just between your computer and your hub - it does not involve the internet at all. So why on earth has BT introduced this unecesessary level of security, forcing users to click through a bunch of warnings every time they want to access the Hub Manager?
0 Ratings
Reply
gg30340
Distinguished Sage
Distinguished Sage

‎12-12-2025 22h21 - edited ‎12-12-2025 22h21

451 Views
Message 17 of 19

Re: BT Hub Manager

@chrisjp 

It will probably be because some web browsers will in future make it more difficult for http to be used. 

See info about Chrome.

what browsers do not allow http - Google Search

Reply
WSH
Recognised Expert

‎12-12-2025 22h22 - edited ‎12-12-2025 22h26

449 Views
Message 18 of 19

Re: BT Hub Manager

If you reset the bookmark used by your browser to include the HTTPS:// you don't need to click through all the warnings.  (Although it will still say "not secure" at the top).

Edit:  @gg30340   I did say before that I suspected it was laying the foundations for changes to come.

Reply
licquorice
Distinguished Sage
Distinguished Sage

‎12-12-2025 22h22 - edited ‎12-12-2025 22h23

448 Views
Message 19 of 19

Re: BT Hub Manager

@chrisjp Because with http, most browsers barf that the connection is not secure, but instead of a proper certificate that would stop all the warnings, BT have opted for self certification so just exchanging one warning for another.

0 Ratings
Reply