[tor-talk] Kaspersky still interferes with SSL port 443 sites

Sukhoi sukhoi47 at gmx.net
Sat Nov 2 19:04:47 UTC 2013


Your information is precious.

I am experimenting problems with TorBrowser on the last months.
On most of the web sites I have to reload it 2 to 8 times until it 
loads, receiving most of the times messages like this:

Unable to connect
Firefox can't establish a connection to the server at blog.torproject.org.

I updated TorBrowser several times in a hope to fix the problem, but 
without success.

Now, with your information, I turned off Kaspersky Pure 3.0 and the 
problem just gone.
Seems  the problem is just with, or at least more frequent, with https 
connections, and I see a small probability that HTTPS Everywhere may be 
playing a role on the problem.

Hope this is not a NSA attempt to track Tor users by using some built-in 
functionality on Kaspersky.


On 01/11/2013 16:49, Joe Btfsplk wrote:
> Weeks ago I reported problems accessing https Ixquick / Startpage 
> search sites in TBB 2.3.25-12, then *-13 and 2.4.x; then saw it was 
> most (or all) sites using port 443.
> Traced it to some issue with Kaspersky Internet Security 2014 (KIS) & 
> its "scan encrypted connections" feature, though never found exact 
> problem.
> My KIS settings do NOT cause problems in *Fx 24.x,*  or any versions 
> on secure URLs.  It used to not cause problems in TBB.
> Now I've narrowed it to EVERY time TBB is opened, if KIS is closed 
> then immediately reopened, the "blocking" port 443 problem *disappears*.
> Blocking is in quotes, cause I really don't know why port 443 is 
> immediately closed, just that KIS is involved.
> No special messages from TBB (now 2.4.17b2) when SSL pages won't load, 
> other than generic "xyz.com has timed out...may be busy..."
> In the Tor Network map, I can see port 443 try to open, then 
> immediately close when accessing sites using that port.  Until I close 
> / reopen KIS - then problem solved.
> The issue seemingly has something to do w/ *differences* between TBB 
> or processes & *regular Fx,* as the KIS factory default settings for 
> "scan encrypted connections" work fine in Fx & port 443 - or any others.
> Besides, I temporarily disabled all KIS port monitoring for 443. 
> Didn't change the TBB problem.
> AFAIK, the *default* KIS settings are that it's NOT scanning encrypted 
> connections, unless you have KIS *parental control* enabled (I don't).
> For some reason, it affects TBB, but seems unlikely the "real" KIS 
> default settings are the problem, as just closing / reopening KIS 
> solves the TBB issue.
> If... TBB had a problem w/ the Kaspersky certificate, closing / 
> reopening KIS wouldn't fix that.
> I could add TBB, vidalia and Tor.exe to KIS's "do not monitor 
> application's activity" and / or "do not scan (this application's) 
> network activity"  list, but that defeats purpose of having the 
> protection.
> Could be a weird KIS bug affecting TBB, that stopping / restarting KIS 
> somehow fixes it temporarily (consistently).  That'd be fairly unusual.
> Any thoughts on differences in TBB & Fx that may contribute to this, 
> or other suggestions?  Thanks.

More information about the tor-talk mailing list