X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

I can't bypass certificate warnings anymore (HSTS)

Kuphostiwe

In short, I want to be able to bypass certificate warnings.

Yes, I've seen this: https://support.mozilla.org/en-US/questions/1169632 "When there is HSTS(HTTPS Strict Transport Security) set on the server, you cannot add a exception"

In less short, my case (because one needs to always justify one's methods), I set up a subdomain on a separate IP/host and I'm trying to test some project for which I use a webpage as a small visible part. However, the domain uses HSTS (HSTS == very nice).

However, I'm just casually testing something using a subdomain (or even a fake domain, or a real domain pointing to a new server being prepared, maybe using /etc/hosts) pointing to an external or internal IP on some old computer on my LAN or even on my own computer. And that's not possible anymore.

People should always have the option to bypass a warning, and I'm all for the warnings. If anything, there shouldn't have been a box with the option "always remember" ticked by default. There are other cases where this can be useful, some we don't even know yet.

In short, I want to be able to bypass certificate warnings. Yes, I've seen this: https://support.mozilla.org/en-US/questions/1169632 "When there is HSTS(HTTPS Strict Transport Security) set on the server, you cannot add a exception" In less short, my case (because one needs to always justify one's methods), I set up a subdomain on a separate IP/host and I'm trying to test some project for which I use a webpage as a small visible part. However, the domain uses HSTS (HSTS == very nice). However, I'm just casually testing something using a subdomain (or even a fake domain, or a real domain pointing to a new server being prepared, maybe using /etc/hosts) pointing to an external or internal IP on some old computer on my LAN or even on my own computer. And that's not possible anymore. People should always have the option to bypass a warning, and I'm all for the warnings. If anything, there shouldn't have been a box with the option "always remember" ticked by default. There are other cases where this can be useful, some we don't even know yet.

Isisombululo esikhethiwe

hi, the spec for hsts says users should not be able to bypass certificate errors unfortunately: https://tools.ietf.org/html/rfc6797#section-12.1

Funda le mpendulo ngokuhambisana nalesi sihloko 2

Eminye Imininingwane Yohlelo

Fakela amapulagi

  • The IcedTea-Web Plugin executes Java applets.
  • Shockwave Flash 11.2 r202

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0

Eminye Imininingwane

philipp
  • Top 25 Contributor
  • Moderator
5291 izisombululo 23379 izimpendulo
Kuphostiwe

Isisombululo Esikhethiwe

hi, the spec for hsts says users should not be able to bypass certificate errors unfortunately: https://tools.ietf.org/html/rfc6797#section-12.1

hi, the spec for hsts says users should not be able to bypass certificate errors unfortunately: https://tools.ietf.org/html/rfc6797#section-12.1

Umnikazi wombuzo

Thanks for your reply, you've answered my question. It's sad though as this breaks many use cases.

Thanks for your reply, you've answered my question. It's sad though as this breaks many use cases.
Mozy-zilla 0 izisombululo 3 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Very regrettable. As Firefox loses more and more market share to Chrome, it has descended into net nanny mode telling users "you can't visit this site even if you understand and accept the risks of a just-expired SSL certificate". Is google paying you to drive more people to Chrome?

Very regrettable. As Firefox loses more and more market share to Chrome, it has descended into net nanny mode telling users "you can't visit this site even if you understand and accept the risks of a just-expired SSL certificate". Is google paying you to drive more people to Chrome?
cor-el
  • Top 10 Contributor
  • Moderator
17422 izisombululo 157414 izimpendulo
Kuphostiwe

Impendulo Ewusizo

You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit.

You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit. *http://kb.mozillazine.org/Profile_folder_-_Firefox

Umnikazi wombuzo

cor-el said

You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit.

Thanks. This actually can work (while it is a bit of a pain to do).

''cor-el [[#answer-1009831|said]]'' <blockquote> You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit. *http://kb.mozillazine.org/Profile_folder_-_Firefox </blockquote> Thanks. This actually can work (while it is a bit of a pain to do).
Mozy-zilla 0 izisombululo 3 izimpendulo
Kuphostiwe

cor-el said

You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit.

I'll check it out and let you know. In the meantime I switched to another browser because this SSL block is a false-positive on a site I trust and actually use to build webpages. The other browser allows you to easily toggle on/off that flag and proceed to the blocked site.

''cor-el [[#answer-1009831|said]]'' <blockquote> You can edit the SiteSecurityServiceState.txt file in the Firefox profile folder and remove lines that refer to a specific domain. Then you may be able to add an exception on the next visit. *http://kb.mozillazine.org/Profile_folder_-_Firefox </blockquote> I'll check it out and let you know. In the meantime I switched to another browser because this SSL block is a false-positive on a site I trust and actually use to build webpages. The other browser allows you to easily toggle on/off that flag and proceed to the blocked site.

Okulungisiwe ngu Mozy-zilla

Umnikazi wombuzo

The SiteSecurityServiceState.txt thing doesn't seem to work (unless perhaps I restart FF... I don't want to do that).

This is not a usable solution. :/

cor-el, what is this "other browser" you speak of ?

The SiteSecurityServiceState.txt thing doesn't seem to work (unless perhaps I restart FF... I don't want to do that). This is not a usable solution. :/ cor-el, what is this "other browser" you speak of ?
Mozy-zilla 0 izisombululo 3 izimpendulo
Kuphostiwe

BatManuel said

cor-el, what is this "other browser" you speak of ?

This is Mozy-zilla, but the other browser is Yandex.

''BatManuel [[#answer-1010329|said]]'' <blockquote> cor-el, what is this "other browser" you speak of ? </blockquote> This is Mozy-zilla, but the other browser is Yandex.