If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
No Google
This morning Kaspersky Security, which I have installed, asked to install a
security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! -- You know it's time to clean the refrigerator when something closes the door from the inside. |
Ads |
#2
|
|||
|
|||
No Google
KenK wrote:
This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! See if TLS 1.0, 1.1, and 1.2 are checked but not SSL 3.0. |
#3
|
|||
|
|||
No Google
Paul in Houston TX wrote in
: KenK wrote: This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! See if TLS 1.0, 1.1, and 1.2 are checked but not SSL 3.0. Sorry, don't understand. This is all Kaspersky gives me: "Your connection is not secure "The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. "Learn more… "Report errors like this to help Mozilla identify misconfigured sites "www.google.com uses an invalid security certificate. "The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. "Error code: SEC_ERROR_UNKNOWN_ISSUER -- You know it's time to clean the refrigerator when something closes the door from the inside. |
#4
|
|||
|
|||
No Google
KenK wrote:
"Error code: SEC_ERROR_UNKNOWN_ISSUER Google's security certificate/s are google certificating authority. Sometimes security certificate problems can arise from your clock/date being incorrect. I notice that your Date in your message headers is like the date line that news.individual.net stamps when the poster has not provided a Date line or when the Date line information provided is 'out of whack'. Suggestion: check your system's date/clock for accuracy. -- Mike Easter |
#5
|
|||
|
|||
No Google
KenK wrote:
This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! SSL/TLS preference setting. Take a look in about:config or something. (In Firefox, type "about:config" into the URL bar, and click "OK" when the warning pops up. There is *no* undo in the interface. Simply have a look around in there first. Do *not* delete a line of text in there, as there is no way to put it back unless you made a backup of prefs.js or similar.) For HTTPS connections (Google can switch to them automatically), encryption is used. There is SSL and TLS. SSL is deprecated. We're supposed to be using TLS. There were a number of different exploits for secure connections, and bumping the version is part of fixing that. Normally, SSL/TLS supports "fallback". The two ends will negotiate and select a weaker method automatically. So in the old days, if all your browser supported was SSL3.0, then that is what would be used. But you can also adjust the browser preferences, so it will not fall back. Causing a "failure to connect" to any site stupid enough to have only SSL3.0. My browser has SSL3 disabled on purpose (by me). But all it supports is TLS 1.0, which is not the best. It could be that Kaspersky has taken it upon itself, to modify a related setting. Alternately, it could have made changes to lots of other parts of the OS. And I don't know if I could make a decent list for you of what they might be. Another area subject to recent change, is certificate signing. Certificate signing has switched to SHA2 (SHA256) from SHA1. Presumably a certificate problem would have a different message on the screen. https://blog.cloudflare.com/sha-1-de...r-left-behind/ To evaluate your browser now, you can use this. You could compare your browser on the "broken" setup, to some other computer which is not yet affected. https://www.ssllabs.com/ssltest/viewMyClient.html You can also test web sites. In this example, a webmail server is being tested. Webmail should use HTTPS. And so this test case is to see what it requires of the browser, in order to work. This test runs between ssllabs and the roadrunner node, without the users machine being involved. https://www.ssllabs.com/ssltest/ https://www.ssllabs.com/ssltest/anal...l.nycap.rr.com #1 Certificate uses: "Signature algorithm SHA256withRSA" #3 Certificate : "Signature algorithm SHA1withRSA WEAK" Server supports TLS 1.0 and TLS 1.2. My copy of Firefox used in the test, only covers TLS 1.0. So TLS 1.0 would be considered the fallback. I have specifically turned off SSL 3 in that copy of Firefox. HTH, Paul |
#6
|
|||
|
|||
No Google
KenK wrote:
Paul in Houston TX wrote in : KenK wrote: This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! See if TLS 1.0, 1.1, and 1.2 are checked but not SSL 3.0. Sorry, don't understand. This is all Kaspersky gives me: "Your connection is not secure "The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate. "Learn more… "Report errors like this to help Mozilla identify misconfigured sites "www.google.com uses an invalid security certificate. "The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. "Error code: SEC_ERROR_UNKNOWN_ISSUER I could find a couple examples that blame the AV product setting as the root cause. But so far, no explanation of what the AV product was actually doing to the browser itself. https://support.mozilla.org/en-US/questions/1106977 Paul |
#7
|
|||
|
|||
No Google
[Default] On 5 Jul 2016 16:51:05 GMT, in
microsoft.public.windowsxp.general KenK wrote: This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. FWIW, I just got a script error on the google search page**. Their daily cartoon, I guess. All my other pages now ask me before I let them run scripts. 80% of the most common category of page asks me, but about 90%+ of them work fine even when I don't answer. **Firefox came with its own google search page, which wouldn't have this problem but I don't remember what it was. Anyone know? Also, I checked Stop Script and Don't ask me again, but I've never found out what that means. It sounds like it means: Run the standard length of time, maybe 15 seconds, and if you don't finish in that time, stop yourself, and don't bother asking me if you should. But I don't know. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. That's my feeling, but I've never actually done it. Wait for another Kapersky update? Help!! |
#8
|
|||
|
|||
No Google
Hello Paul,
Just reading through this thread,.. Would refreshing FF be of any help? Robert |
#9
|
|||
|
|||
No Google
|
#10
|
|||
|
|||
No Google
Mark Twain wrote:
Hello Paul, Just reading through this thread,.. Would refreshing FF be of any help? Robert It's probably an Avast setting. https://forum.avast.com/index.php?topic=158300.0 "Disable https scanning till avast has a fix for it" You would go look for that setting in Avast. Paul |
#11
|
|||
|
|||
No Google
KenK wrote:
This morning Kaspersky Security, which I have installed, asked to install a security update. Referred to Firefox? Don't remember the details. I trust Kaspersky, used it with no problem for many years. Now can't get Google to work on Firefox. Says insecure connection and won't connect. However, MS Internet Explorer works fine with Google. I don't know how to back out of Kaspersky update. I doubt that Google has a problem. I hate to go back to a C backup. Too many chances for worse problems if restore goes wrong. Help!! Kaspersky, Avast, Bitdefender, and other anti-virus software allow you to interrogate your HTTPS (not just HTTP) web traffic to check for malicious content. Intercepting HTTPS traffic is not possible without using a MITM (man in the middle) scheme where your client connects to their local proxy (instead of the target server) and their proxy connects to the target server (pretending to be your client). That requires installing a certificate to use since both ends of an HTTPS connection must be secure. For their proxy to work, they need to use their cert for your client to connect to it. Mozilla decided to use a private certificate store. That is, Firefox uses only those certificates that have been installed into its private certificate store. No other program can use that private certificate store. Mozilla has never divulged why they think they need a private cert store when Internet Explorer and Chromium-based web browsers manage just fine to use the global cert store (the one managed by the OS). The global cert store can be seen using certmgr.msc. To see Firefox's private cert store, you have to go into its config, Advanced, Certificates, View Certificates. Normally a program that needs to use its own certificate, like some anti-virus programs and streaming capture software, installs it in the global cert store. That is where the vast majority of apps put their certs. With Mozilla, nope, the program has to install yet another copy of its cert in Firefox's own private cert store. You will find that programs that install their own certs work just fine in other web browser than Firefox. IE uses the global cert store. Google Chrome uses the global cert store. Mozilla had to make setup more difficult by using their own private cert store. Imaging the mess if every web-centric app managed its own private cert store. A program that installed its cert would have to do so in the global cert store and also in every app that had its own private cert store. In this regard, Mozilla sucks. I use Firefox but it is a royal pain in the ass to use it with programs that need to install a cert. You will have to check where in Kaspersky you have it insert its cert into Firefox's private cert store. With Avast (what I use), they don't offer that feature. You have to uninstall Avast and then reinstall it. Order of installation is important. If the AV program (or other software that needs a cert) is installed before the web browser then it may no means of installing their cert when you later install the web browser (or any app with its own private cert store). You need to install the web browser first so it exists when you install the anti-virus software. Some examples of software that use a MITM scheme that requires a cert: Avast's HTTPS scanning Applian Replay Media Capture aka Jakasta (capture video streams) Kasperky also intercepts HTTPS to scan it. See: https://support.kaspersky.com/6851 If Mozilla weren't such assholes and instead used the global certificate store like everyone else then this problem would never crop up when users update/upgrade their non-Mozilla software. Even Linux has its global cert store so it is not an issue with Firefox being cross- platform and Windows has a global store but Linux does not. For some reason, Mozilla decided they would be in charge of what certs were provided at install time. For ANY software that incorporates its own certificate, and to use Firefox with that software, it must install its cert into Firefox's private cert store. Mozilla has set a bad precedent: if other programs did the same, it would be a huge mess for one program to get its cert installed into the private cert store of many other programs. |
#12
|
|||
|
|||
No Google
In message , Micky
writes: [] Also, I checked Stop Script and Don't ask me again, but I've never found out what that means. It sounds like it means: Run the standard length of time, maybe 15 seconds, and if you don't finish in that time, stop yourself, and don't bother asking me if you should. But I don't know. I would guess it means stop script (immediately), and don't ask me again under similar circumstances - either altogether, or if I visit that site or page again, or ... [] -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Today you wonder if the media has become the opposition - it's become the political classes against 24-hour media. Jon Culshaw [voice impressionist], in RT 2015/4/11-17 |
#13
|
|||
|
|||
No Google
[Default] On Wed, 6 Jul 2016 20:05:06 +0100, in
microsoft.public.windowsxp.general "J. P. Gilliver (John)" wrote: In message , Micky writes: [] Also, I checked Stop Script and Don't ask me again, but I've never found out what that means. It sounds like it means: Run the standard length of time, maybe 15 seconds, and if you don't finish in that time, stop yourself, and don't bother asking me if you should. Don't bother asking me next time. But I don't know. I would guess it means stop script (immediately), and don't ask me again under similar circumstances - either altogether, or if I visit that site or page again, or ... I meant half of that, Stop immediately but future times run 15 seconds. But I can see your answer too. Maybe more clearly. The eternal optimist, I figured it was worth 15 seconds each time on the theory it was a fluke that it didnt' work and it will now. Or they repaired it or the surrounding code since I blacklisted it. I intended to make a list of script names (when they are given) but I wasn't going to record website names and I can see now why that would matter. But I didn't do it anyhow so it doesn't matter anymore. I also googled the message and didn't find a good explanation, though I didn't read every hit. [] |
#14
|
|||
|
|||
No Google
[Default] On Tue, 05 Jul 2016 19:30:06 -0400, in
microsoft.public.windowsxp.general Micky wrote: FWIW, I just got a script error on the google search page**. Their When I hadn't searched for anything yet. Hadn't put anything in its search box. daily cartoon, I guess. All my other pages now ask me before I let them run scripts. 80% of the most common category of page asks me, but about 90%+ of them work fine even when I don't answer. **Firefox came with its own google search page, which wouldn't have this problem but I don't remember what it was. Anyone know? Solved that. The non-cartoon google page is accessible from the search box, next to the location box in a toolbar. For me it is even the default . |
|
Thread Tools | |
Display Modes | |
|
|