[tbb-dev] TBB 3.6.6 and self-signed certificates

Mike Perry mikeperry at torproject.org
Wed Oct 8 20:26:03 UTC 2014 

Georg Koppen:
> Bram de Boer wrote:
> >> Bram de Boer wrote:
> >>> The page I was having trouble with is https://nosur.com
> >>> [...]
> > 
> > Georg Koppen wrote:
> >> I *cannot* connect to the site at the moment despite
> >> switching the pref as you did.
> > 
> > Thanks for trying. And can you access the website with TBB 3.6.5? If so,
> > that confirms the behaviour I have been seeing.
> 
> > I have found one difference between 3.6.5 and 3.6.6 that still
> > consistently occurs; perhaps by-design?
> > 
> >   - Preferences > Privacy > Use custom settings for history
> >   - Untick "Always use private browsing mode". TB will now restart
> >   - Visit website with self-signed certificate
> >   - Tick "Permanently store this exception"
> >   - Clicking [Confirm Security Exception] won't have any effect. The
> > button animates the click but nothing happens?!
> > 
> > This occurs with both https://www.patternsinthevoid.net and
> > https://nosur.com. I have successfully used the flow described above with
> > all previous TBB versions. Afterwards I immediately re-enable the "Always
> > use private browsing mode" option and then have the permanent exception
> > for the website.
> > 
> > Was this behaviour changed by design? If so, it might be user-friendlier
> > to just disable the checkbox, rather than having a non-functional button.
> 
> That is part of the patch behind the "security.nocertdb" preference.
> I.e. if you set it to "false" your workaround is still supposed to work.
> That said it might be smarter to bind that preference to the private
> browsing mode (as the "Permanently store this exception"-checkbox
> already is) than messing with the checkbox itself. Do you mind opening a
> ticket at https://trac.torproject.org?
> 
> > What is the recommended way to add a permanent exception (if at all,
> > because that would obviously make the user uniquely fingerprintable).
> 
> There is no recommended way :) but as I said above switching
> "security.nocertdb" to "false" should help.

For me, it was only broken if disk history is enabled. Otherwise the
dialog worked.

I just filed
https://trac.torproject.org/projects/tor/ticket/13366 for this, and
fixed it by switching the pref to false automatically when disk history
storage is enabled in Torbutton.



-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20141008/2e7be4ed/attachment.sig>

More information about the tbb-dev mailing list