[tor-talk] Kaspersky still interferes with SSL port 443 sites

Joe Btfsplk joebtfsplk at gmx.com
Fri Nov 1 18:49:20 UTC 2013 

Weeks ago I reported problems accessing https Ixquick / Startpage search 
sites in TBB 2.3.25-12, then *-13 and 2.4.x; then saw it was most (or 
all) sites using port 443.
Traced it to some issue with Kaspersky Internet Security 2014 (KIS) & 
its "scan encrypted connections" feature, though never found exact problem.

My KIS settings do NOT cause problems in *Fx 24.x,*  or any versions on 
secure URLs.  It used to not cause problems in TBB.
Now I've narrowed it to EVERY time TBB is opened, if KIS is closed then 
immediately reopened, the "blocking" port 443 problem *disappears*.
Blocking is in quotes, cause I really don't know why port 443 is 
immediately closed, just that KIS is involved.

No special messages from TBB (now 2.4.17b2) when SSL pages won't load, 
other than generic "xyz.com has timed out...may be busy..."
In the Tor Network map, I can see port 443 try to open, then immediately 
close when accessing sites using that port.  Until I close / reopen KIS 
- then problem solved.

The issue seemingly has something to do w/ *differences* between TBB or 
processes & *regular Fx,* as the KIS factory default settings for "scan 
encrypted connections" work fine in Fx & port 443 - or any others.
Besides, I temporarily disabled all KIS port monitoring for 443. Didn't 
change the TBB problem.

AFAIK, the *default* KIS settings are that it's NOT scanning encrypted 
connections, unless you have KIS *parental control* enabled (I don't).
For some reason, it affects TBB, but seems unlikely the "real" KIS 
default settings are the problem, as just closing / reopening KIS solves 
the TBB issue.

If... TBB had a problem w/ the Kaspersky certificate, closing / 
reopening KIS wouldn't fix that.

I could add TBB, vidalia and Tor.exe to KIS's "do not monitor 
application's activity" and / or "do not scan (this application's) 
network activity"  list, but that defeats purpose of having the protection.

Could be a weird KIS bug affecting TBB, that stopping / restarting KIS 
somehow fixes it temporarily (consistently).  That'd be fairly unusual.

Any thoughts on differences in TBB & Fx that may contribute to this, or 
other suggestions?  Thanks.

More information about the tor-talk mailing list