[tbb-dev] TBB 3.6.6 and self-signed certificates

Bram de Boer list-tbb-dev at nosur.com
Fri Sep 26 19:13:46 UTC 2014

> Bram de Boer:
>> I am having trouble using TBB 3.6.6 to connect to a website that uses a
>> self-signed certificate.
>> [...]

Mike Perry:
> Could this be the securty.nocertdb pref from #12998? If you go into
> about:config and change that value to false, does it change things? You
> may need to restart the browser..

Mike, thanks for the suggestion. That does indeed allow me to connect,
albeit not allow me to make a permanent exception.

However, I am confused. Before trying your suggestion, I got systematic
fails on two different OS X systems with TBB 3.6.6. Reverting back to TBB
3.6.5 allowed me to connect normally using both systems. Reinstalling TBB
3.6.6 resulted again in failure on both systems.

After applying the security.nocertdb=false tweak and restarting TB, both
systems could successfully connect. However, after switching back to
security.nocertdb=true and restarting TB, both systems could *still*
successfully connect?! I have even tried deleting the entire
/Applications/TorBrowser.app folder and reinstalled a fresh 3.6.6. Even
then I could still connect without your suggested tweak?!

I am confused. AFAIK TorBrowser does not store "state" anywhere but in the
application folder, so deleting the TorBrowser.app folder should entirely
clear its state, right? Or does it make use of the OS X key chain? A
problem with the webserver seems unlikely, as switching back and forth
between 3.6.5 and 3.6.6 showed systematic behaviour?! Hitting a bad exit
consistently from two different systems is unlikely too.

Could someone please be so kind to try to connect to a website with
self-signed certificate too? Does that work with default settings?


More information about the tbb-dev mailing list