Mozilla announces measures for 'can not connect to web page' problem caused by security software


by

Tim Gouw

In Firefox , a web browser developed by Mozilla, when trying to open an HTTPS site with Firefox 65 or later released in January 2019, it is displayed as 'not secure connection' despite being a secure site In some cases, it was reported that it could not be accessed. The cause of this error was the security software installed on the PC, and Mozilla has announced that it has taken measures.

Fixing Antivirus Errors | Mozilla Security Blog
https://blog.mozilla.org/security/20019/07/01/fixing-antivirus-errors/

Firefox to Automatically Trust OS-Installed CA Certificates to Prevent TLS Errors
https://thehackernews.com/2019/07/firefox-https-security.html

When connecting to an HTTPS site, Firefox verifies the validity of the SSL server certificate presented by the website, and checks if the certificate was issued by a trusted certificate authority . Firefox maintains a list of trusted certificate authorities called root stores, and if the certificate authority that issued the certificate of the website you are trying to access is not registered in the root store, Firefox accesses the website. Cancel and display the error message 'It is not a secure connection.'

Although this system is effective against man- in-the- middle attacks that intercept cryptographic communication, Firefox has reported a problem that ' Error occurs on multiple secure sites .' The problem, reported only in Firefox, is attributed to security software installed on PCs.


by

geralt

There are many security software that enable the HTTPS scan function by default to check if the encrypted HTTPS connection is secure or not. According to the HTTPS scan function, security software rewrites web page certificates to unique ones, and checks whether there is a third party that intercepts the presence of malware or communication.

However, if the certificate authority that the security software issues independently is not registered in Firefox's root store, Firefox will judge that 'this certificate is dangerous'. This was the cause of the inability to access Firefox from websites that should have been safe.

In order to address this issue, if Firefox can not confirm the validity of the certificate during HTTPS connection with Firefox 68 or later, Mozilla automatically retries connection with 'enter enterprise route settings' turned on. It changed to so.

When Enterprise Root Setting is turned on, the certificate authority added to the OS by the user, administrator and programs installed on the computer will be imported to the Firefox root store. In this way, it is possible to take confirmation of the certificate authority even for certificates issued uniquely by security software installed on a computer. This option is expected to be available on Windows and Mac, and security software will no longer allow access to secure websites.


by geralt

in Software,   Security, Posted by log1h_ik