[tbb-dev] TBB 3.6.6 and self-signed certificates

Georg Koppen gk at torproject.org
Mon Sep 29 10:15:49 UTC 2014


Bram de Boer wrote:
>> Bram de Boer wrote:
>>> The page I was having trouble with is https://nosur.com
>>> [...]
> 
> Georg Koppen wrote:
>> I *cannot* connect to the site at the moment despite
>> switching the pref as you did.
> 
> Thanks for trying. And can you access the website with TBB 3.6.5? If so,
> that confirms the behaviour I have been seeing.

> I have found one difference between 3.6.5 and 3.6.6 that still
> consistently occurs; perhaps by-design?
> 
>   - Preferences > Privacy > Use custom settings for history
>   - Untick "Always use private browsing mode". TB will now restart
>   - Visit website with self-signed certificate
>   - Tick "Permanently store this exception"
>   - Clicking [Confirm Security Exception] won't have any effect. The
> button animates the click but nothing happens?!
> 
> This occurs with both https://www.patternsinthevoid.net and
> https://nosur.com. I have successfully used the flow described above with
> all previous TBB versions. Afterwards I immediately re-enable the "Always
> use private browsing mode" option and then have the permanent exception
> for the website.
> 
> Was this behaviour changed by design? If so, it might be user-friendlier
> to just disable the checkbox, rather than having a non-functional button.

That is part of the patch behind the "security.nocertdb" preference.
I.e., if you set it to "false" your workaround is still supposed to work.
That said, it might be smarter to bind that preference to the private
browsing mode (as the "Permanently store this exception"-checkbox
already is) than messing with the checkbox itself. Do you mind opening a
ticket at https://trac.torproject.org?

> What is the recommended way to add a permanent exception (if at all,
> because that would obviously make the user uniquely fingerprintable).

There is no recommended way :) but as I said above switching
"security.nocertdb" to "false" should help.

Georg

