[tor-talk] HSTS forbids "Add an exception" (also, does request URI leak?)

Need Secure Mail needsec at protonmail.ch
Wed Aug 8 10:59:23 UTC 2018


On August 7, 2018 11:14 PM, nusenu <nusenu-lists at riseup.net> wrote:
>> did you notice the non-HSTS/HSTS distinction when trying to add an exception?

On August 8, 2018 1:51 AM, grarpamp <grarpamp at gmail.com> wrote:
> If there is, would have to look closer, thx.

The following is to help searchers who rammed their heads into this
problem, as I did when accessing the clearnet version of a rather popular
.onion (LE cert).

Firefox/Tor Browser disallows adding an exception. The "add an exception"
button does not even appear! It gives the error message:

"This site uses HTTP Strict Transport Security (HSTS) to specify that
Tor Browser may only connect to it securely. As a result, it is not
possible to add an exception for this certificate."

Workaround FOR ADVANCED SECURITY GURUS ONLY -- WARNING, DANGER, YOU
CAN BREAK YOUR SECURITY IF YOU DO NOT KNOW WHAT YOU ARE DOING -- create
prefs integer before visiting the broken website:

test.currentTimeOffsetSeconds
11491200

Instructions given here are intentionally opaque; if you don't know what
that means, don't try it.

Doing this is NOT RECOMMENDED.

I myself would NEVER do this unless either I verified the certificate
fingerprint by out-of-band means, or observed the same fingerprint
through many different random exits.

If you don't understand what this means, please do not try to override
HSTS. You will get ruined by a BadExit. Evil h4x0rs with sslstrip will
steal your identity, dox you on the scary darknets, and put sugar in
your gas tank. Instead of overriding security features, tell the server
admin of the broken website to fix his problem by adding the intermediate
certificate to the chain in the webserver config.

----

Topic drift observation:

This error made me realize that Tor Browser/Firefox must load at least the
response HTTP headers before displaying the certificate error message. I
did not realize this! I reasonably assumed that it had simply refused to
complete the TLS handshake. No TLS connection, no way to know about HSTS.

Scary. How much does Tor Browser actually load over an *unauthenticated*
connection? Most importantly, I am curious, does it leak the request
URI path (including query string parameters) this way? Or does it do
something like a `HEAD /` to specifically check for HSTS? No request
headers, no response headers, no way to know about HSTS. Spies running
sslstrip may be interested in that.

Sent with ProtonMail Secure Email.
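A small model of a browser-side HSTS store, added here as an example and not code from the post or from Tor Browser: it parses the Strict-Transport-Security header a site sent on an earlier authenticated response and answers "is this a known HSTS host?" from that cache, honouring max-age expiry and includeSubDomains. That cached lookup is what disables the exception button, and it needs no request to the server, so no URI is sent to reach the decision; the function and class names are my own.

```javascript
// Added example (not from the post): a minimal model of a browser's HSTS store.
// The policy is learned from an earlier, authenticated response (or the preload
// list) and consulted before any new connection is made. Names are hypothetical.

// Parse a Strict-Transport-Security header value (RFC 6797, section 6.1).
// Returns null when the header is invalid: no max-age, or a repeated directive.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false };
  const seen = new Set();
  for (const raw of headerValue.split(";")) {
    const directive = raw.trim();
    if (directive === "") continue;
    const [name, ...rest] = directive.split("=");
    const key = name.trim().toLowerCase();
    if (seen.has(key)) return null; // a repeated directive invalidates the header
    seen.add(key);
    const value = rest.join("=").trim().replace(/^"|"$/g, "");
    if (key === "max-age") {
      if (!/^\d+$/.test(value)) return null;
      policy.maxAge = Number(value);
    } else if (key === "includesubdomains") {
      policy.includeSubDomains = true;
    } // unknown directives are ignored, as the RFC requires
  }
  return policy.maxAge === null ? null : policy;
}

class HstsStore {
  constructor() { this.entries = new Map(); }
  // Record a policy seen on an authenticated TLS response at time `now` (seconds).
  learn(host, headerValue, now) {
    const p = parseHsts(headerValue);
    if (p === null) return false;
    if (p.maxAge === 0) { this.entries.delete(host); return true; } // max-age=0 clears
    this.entries.set(host, { expires: now + p.maxAge, subs: p.includeSubDomains });
    return true;
  }
  // Is `host` a known HSTS host at time `now`? Walks up to parent domains that
  // set includeSubDomains. A true result is what blocks "Add an exception".
  isKnown(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length - 1; i++) {
      const e = this.entries.get(labels.slice(i).join("."));
      if (!e || e.expires <= now) continue; // expired entries no longer apply
      if (i === 0 || e.subs) return true;
    }
    return false;
  }
}
```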