An HTTPS Site Could Have a Green Padlock and Still be Insecure

If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.
In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.