Despite the fact that you get a big red threatening warning telling you that the certificate has not been verified by one of those certificate authorities or has expired, what is bad with it in comparison to just using HTTP? Is it worse or not?

According to Google Chrome (http://www.sslshopper.com/assets/images/chrome-beta-ssl-2.png) « an attacker may be trying to intercept yours communication ». What makes this browser and almost all others raising this warning in the case of a self-signed/expired certificate (and I did not write a certificate explicitly verified as invalid) and not in the case of browsing with HTTP? Again, is it less secure than browsing with HTTP?

It is clearly more threatening to browse a website with self-signed HTTPS certificate than browsing the exact same website with HTTP so, are those modern browser behaviors a scam to make honest companies buy SSL certificate that they may not need?

Self signed certificates are not strictly worse than certificates signed by a reputable CA, and in all technical ways they are better than plain HTTP.

From the signing and encryption perspective they are identical. Both can sign and encrypt traffic so that it is not feasible for others to snoop or make modifications.

The difference is the way that the certificate is designated as trusted. With a CA signed certificate the user is trusting the set of trusted CAs that they have installed in their browser/OS. If they see a certificate signed by one of these they accept it and everything is fine. If it isn't (such as when self-signed) you get a big scary warning.

The reason this warning is displayed for self-signed certificates is that the browser has no idea who controls the certificate. The CAs that the browser trusts are known for verifying that they only sign the certificates of the web site owner. Therefore the browser, through extension trusts that the certificate's corresponding private key is controlled by the web site operator (and hopefully it is). With a self-signed certificate the browser has no way of knowing if the certificate was generated by the web site owner, or some man in the middle that wants to read your traffic. To be on the safe side, the browser rejects the certificate unless it is proven valid...and you get a big red warning.

The important thing about this warning is that it gives you a way to get information about the certificate. If you know what certificate you expected to get you can trust that certificate, and your browser will let you connect quite happily. This is of course great if you know the certificate you expect to get. It allows you to not even trust any CA (any trusted CA could generate a trusted certificate and intercept your traffic if they wanted to) if you want.

If you don't verify the certificate you are gaining nothing over unencrypted HTTP as anyone between you and the server could just generate their own certificate and you would be none the wiser. This could be considered worse than plain HTTP as us humans with our feeble emotions might be mislead into thinking that our connection is secure, but the only technical downside over HTTP is some wasted CPU cycles.

So for a private site, which only a couple of people access and you can distribute the certificate a self-signed is actually better than a trusted certificate. However, for the public internet you can't expect the users to verify the certificate (how would you securely transmit the details anyways) and if wise they would probably turn and run.

As for expired certificates they aren't really worse than valid ones. The reason certificates expire is so that they are invalid by the time that cracking them becomes feasible (hopefully). So the difference between a certificate that expires tomorrow and one that expired yesterday is negligible. However I would be more than a little concerned about a certificate that expired years ago.

Opportunistic Encryption

If you want to provide a little extra security there is a new standard (that is only implemented in Firefox at the moment).

Opportunistic encryption provides encryption between supporting clients and servers without authentication. It allows you to use a self-signed certificate without generating any warnings.

The reason why opportunistic encryption is better then using a self-signed certificate and HTTPS is that it provides no suggestion to the user that the connection is secure. To a user the connection appears to be a regular unencrypted HTTP connection but under the hood an SSL connection is being used to thwart passive attackers.

Again, if you are actually verifying the self-signed SSL certificate that is the best. But if you are just trying to provide unauthenticated encryption to stop traffic sniffing opportunistic encryption provides the upsides without tricking the user into thinking they are using a secure connection.

After all the comments and further researches, I add my own answer.

I consider that a self-signed and/or expired HTTPS certificates (that raise a warning in the browser) are worse than just using HTTP for the following reason:

When a user is browsing with HTTPS, he/she presumes that it is secure and then the website should return a valid certificate. If it is not the case (self-signed and/or expired HTTPS certificate) then it is not secure. It could be a real threat or a simple problem in the certificate configuration/deployment but still, it is a problem and the user should stop browsing if he/she don’t have more information about this site.

However, there is a situation, in which I found myself today, where a user have more information about the website. Let imagine a small company in which only two employees need to access a website administration platform. If those two employees are aware that the platform does not have a certificate signed by any CAs (Certification Authorities), it is still better to communicate through this unsecured HTTPS than through unsecured HTTP because, at least, the communication is cyphered. Doing this would reduce the attack possibilities even if it does not prevent it.

That said, even if today HTTPS certificate can be delivered freely and quickly, it would have been great, at the time of costly certificates, to have an intermediary protocol between HTTP and HTTPS. A not-less-secure-protocol-than-HTTP where there is no authentication like SSL certificates but where the data is cyphered.

Self Signed and Certificate Authority Signed certificates ONLY provide encryption and an HTTPS connection, but that is where the similarities of security end. Unfortunately with self signed digital certificates, only the person who created the certificate from their own server knows anything about it. For example... where is this person storing the key pair? Who else has access to the key pair? How does a visitor know that this is the legitimate owner of the domain? The point is, without having knowledge of the process, a site visitor (even a technically skilled visitor) has no idea how the key pair creating that HTTPS connection has been handled. When site visitors see an HTTPS connection signed by a reputable Certificate Authority such as thawte (owned by Symantec) for example, at least the visitors know that the domain ownership was verified and the signing credentials are highly secured by a trusted authority.

A self signed certificate is functionally equivalent to a signed one (assuming the same key length). The inherent security is the same. However, that's not to say that it provides the same level of security to the end user since they have no way of knowing who signed the certificate or if it should be trusted.

It's no easier for the ISP (or any one) to read communication sent with a self signed as it is with a certificate authority signed one.

yes, websites which use self-signed certificates are not registered nor verified - attackers can just swap the certificate and pretend to be the website - being used to click away these warning you will not notice the difference.

SSL certficates are free nowadays, every "webmaster" who doesnt use these services is ... incompetent, in fact you should avoid these sites.

are those modern browser behaviors a scam to make honest companies buy SSL certificate

like i said : certificates are free, the webmaster only needs to register - which is done in less than 20 minutes.

Again, is it less secure than browsing with HTTP?

in some ways : yes because it "trains" users to ignore very important warnings