Just upgraded to FF 42 X64, now I can not access https sites

By jnelsoninjax
in Web Browser Discussion & Support

 Share

Recommended Posts

Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted (edited)

I bet its your AV, do you have TLS/HTTPS scanning enabled?

To actually scan secure traffic, your AV has to break the security of the connection and fakes it for the browser to appear as if it's secure. If it doesn't know how to interact with 64bit Firefox, it can't lie to the browser, and the browser will see the connection is insecure. If that's the case, the only reason it worked with Cyberfox was because it's a 3rd party build, and it probably didn't detect it as a browser.

Edit: Yeah, pretty sure it's that. Firefox is complaining that the certificate for YouTube doesn't chain to a built in root, so either your certificate store is entirely busted, or the AV hasn't installed their root certificate.

  • jnelsoninjax
  • Like 1
Mentor

Night Prowler

Posted
Posted (edited)

If you are using Adguard uncheck 'Filter HTTPS Protocol', and all is good. I'm guessing any AV that has a similar switch will need to be neutralized.

Remember if this is the new 64bit FF that some plugins might not work. A registered version of RoboForm when used indicates that RoboForm needs to be registered. Looks like an update is needed?

Grand Master

jnelsoninjax

Posted
  • Author
Posted

I bet its your AV, do you have TLS/HTTPS scanning enabled?

To actually scan secure traffic, your AV has to break the security of the connection and fakes it for the browser to appear as if it's secure. If it doesn't know how to interact with 64bit Firefox, it can't lie to the browser, and the browser will see the connection is insecure. If that's the case, the only reason it worked with Cyberfox was because it's a 3rd party build, and it probably didn't detect it as a browser.

Edit: Yeah, pretty sure it's that. Firefox is complaining that the certificate for YouTube doesn't chain to a built in root, so either your certificate store is entirely busted, or the AV hasn't installed their root certificate.

That was it. Disabled Private Browsing within Kaspesky and suddenly everything works! :D

Grand Master

Boo Berry

Posted
Posted

If you are using Adguard uncheck 'Filter HTTPS Protocol', and all is good. I'm guessing any AV that has a similar switch will need to be neutralized.

No need, just follow this tutorial to manually re-import Adguard's certificate and it works fine.

https://kb.adguard.com/index.php?/Russian/Knowledgebase/Article/View/54/10/connection-is-not-trusted---firefox

Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

Personally I'd avoid using anything that breaks TLS connections, even if it's for a "good" cause.

It breaks stuff like HPKP in the browser, so if somebody is actually performing a MITM attack and your AV/etc. doesn't specifically check for that (By having a strict HPKP implementation, etc.), it'll hide those details from your browser entirely. And it's quite possible the interceptor doesn't support the same protocol versions and ciphers as your browser.

Grand Master

Obi-Wan Kenobi

Posted
Posted

As to adguard....I just received an update, and with adguard enabled, FF64 now displays https sites correctly, so I guess they fixed it. ;)

  • 2 weeks later...
Experienced

erpster3

Posted
Posted

it's Kaspersky antivirus/internet security software (any version).  I got that problem of Firefox not being able to access https sites because of Kaspersky [had that problem since Firefox 39].

Solution: either uninstall Kaspersky or follow the instructions in this Kaspersky forum page to import a "certificate" CER file into Firefox.  that made https sites like Google to function correctly in Firefox.

Mentor

Night Prowler

Posted
Posted (edited)

it's Kaspersky antivirus/internet security software (any version).  I got that problem of Firefox not being able to access https sites because of Kaspersky [had that problem since Firefox 39].

Solution: either uninstall Kaspersky or follow the instructions in this Kaspersky forum page to import a "certificate" CER file into Firefox.  that made https sites like Google to function correctly in Firefox.

Did you do this

 

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.