This Connection is Untrusted Topic is solved

For discussions specific to the Portable version of the browser.

Moderator: satrow

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

This Connection is Untrusted

Unread postby DarknessStorm » Tue, 23 Oct 2018, 07:28

Greetings.
I downloaded portable latest stable version of pm and got Image
when tried to open youtube (many, many other sites also opens "this", but with probability to add exception)
How to get rid of this Untrusted window at all? (i know what sites a can open safely and what not)
Last edited by DarknessStorm on Tue, 23 Oct 2018, 07:28, edited 1 time in total.

User avatar
Isengrim
Lunatic
Lunatic
Posts: 493
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread postby Isengrim » Tue, 23 Oct 2018, 08:52

That screen is there for a good reason - to warn you that something is not right with the SSL connection. If it's happening frequently with many reputable sites, then my first guess is that your AV or firewall is interfering with the traffic.

See also: viewtopic.php?f=3&t=20693&p=154762#p154762
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

Re: This Connection is Untrusted

Unread postby DarknessStorm » Tue, 23 Oct 2018, 12:50

nope, not my firewall or any "other" possible things in the system... i already tried to completely disable firewall module (i'm using comodo)/quit program - nothing helped.
And ofc i read the mozilla's topic, but my time&date is alright

User avatar
Isengrim
Lunatic
Lunatic
Posts: 493
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread postby Isengrim » Tue, 23 Oct 2018, 13:46

What are the technical details shown on that page? Is it the same error code for every site you have this issue with?
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 (64-bit) (Sometimes)
We are our choices.

User avatar
gepus
Fanatic
Fanatic
Posts: 152
Joined: Thu, 14 Dec 2017, 12:59

Re: This Connection is Untrusted

Unread postby gepus » Tue, 23 Oct 2018, 14:05

@ DarknessStorm
Most probably your problem is related to security software which is interfering.
Often it's not enough to disable such programs since they are running as a service at Kernel-level.
After disabling you should also try to reboot your system. Also make sure that after rebooting no component of the security software is active.

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

Re: This Connection is Untrusted

Unread postby DarknessStorm » Tue, 23 Oct 2018, 14:18

Isengrim wrote:What are the technical details shown on that page? Is it the same error code for every site you have this issue with?

Code: Select all

www.youtube.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. (Error code: SEC_ERROR_UNKNOWN_ISSUER)

probably the same, but on some sites i can manually add exception, like this:
Image
@gepus
i tried to launch pm in a clean system (win7 x64) without any security/firewall software (with disabled win-built-in ofc) and got the same problem

User avatar
Isengrim
Lunatic
Lunatic
Posts: 493
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread postby Isengrim » Tue, 23 Oct 2018, 17:05

Perhaps something at the router/network level is mucking with your traffic?

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

Re: This Connection is Untrusted

Unread postby DarknessStorm » Wed, 24 Oct 2018, 07:01

@Isengrim, i have no router, internet cable plugged-in directly to my network card.
youtube has no choice, only "get out of here"
and yes, i'm 100% sure that it is the true youtube and other sites with such issue (the sites are not compromised)
my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
Last edited by DarknessStorm on Wed, 24 Oct 2018, 07:03, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22273
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: This Connection is Untrusted

Unread postby Moonchild » Wed, 24 Oct 2018, 07:19

If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?

This would be a great help to know what breaks your trust chain.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

yami_
Fanatic
Fanatic
Posts: 204
Joined: Thu, 26 Apr 2018, 11:05

Re: This Connection is Untrusted

Unread postby yami_ » Wed, 24 Oct 2018, 08:30

DarknessStorm wrote:my only wish is to get rid of this Untrusted window shit at all. (probably with changing something in about:config, but what...)
You can not disable that:
IETF wrote:Error handling in the TLS Handshake protocol is very simple. When an
error is detected, the detecting party sends a message to the other
party. Upon transmission or receipt of a fatal alert message, both
parties immediately close the connection. Servers and clients MUST
forget any session-identifiers, keys, and secrets associated with a
failed connection. Thus, any connection terminated with a fatal
alert MUST NOT be resumed.
[...]
The following error alerts are defined:
[...]
unknown_ca
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the CA certificate could not
be located or couldn't be matched with a known, trusted CA. This
message is always fatal.
cat came back from Berkeley waving flags
- rob pike

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

Re: This Connection is Untrusted

Unread postby DarknessStorm » Wed, 24 Oct 2018, 15:27

You can not disable that

hmm... but why then my installed palemoon (27.8.3) is alright and i didn't ever see this Untrusted window?
btw, it's the same system and config.
Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?

This would be a great help to know what breaks your trust chain.

ok, just for an example (because as i said - that window-with possibility to add exception or not-appears VERY often. i think in 90% of cases)
http://dl4.joxi.net/drive/2018/10/24/00 ... b4badb.png
Last edited by DarknessStorm on Wed, 24 Oct 2018, 15:32, edited 1 time in total.

User avatar
jimmyd
New to the forum
New to the forum
Posts: 1
Joined: Wed, 24 Oct 2018, 15:24

Re: This Connection is Untrusted

Unread postby jimmyd » Wed, 24 Oct 2018, 15:36

Moonchild wrote:
If you view the certificate from the "Add an exception" dialog, who does it say is the issuer of the certificate, and who is it issued to?

This would be a great help to know what breaks your trust chain.


I just developed this exact same issue on Palemoon for Linux. Bizarrely, it is happening on a site I frequent daily that is not SSL encrypted! It seems to be a problem with a Cloudlare SSL certificate issued via Comodo.

ssl919196.cloudflaressl.com
02:36:AA:64:52:E1:81:21:E4:C2:DC:BE:1D:AA:18:B0

If I try to access the site via TBB Tor just hangs and won't do anything.

So this looks like a Cloudflare problem.

yami_
Fanatic
Fanatic
Posts: 204
Joined: Thu, 26 Apr 2018, 11:05

Re: This Connection is Untrusted  Topic is solved

Unread postby yami_ » Wed, 24 Oct 2018, 15:51

This is definitely not the certificate that you should see, the correct one's SHA-256 fingerprint is B3:D7:DF:14:FA:2F:46:DF:D4:62:42:12:66:1B:88:DF:48:A3:CA:82:2B:99:B3:04:6D:A7:3B:B7:EE:FC:FF:00. If the other Pale Moon installation opens affected web pages it probably means that it has a CA certificate installed that makes browser think that everything is fine.
The easiest solution to this problem is disabling the software that is performing the MITM attack.
Last edited by yami_ on Wed, 24 Oct 2018, 19:24, edited 3 times in total.
cat came back from Berkeley waving flags
- rob pike

vannilla
Fanatic
Fanatic
Posts: 157
Joined: Sat, 05 May 2018, 13:29

Re: This Connection is Untrusted

Unread postby vannilla » Wed, 24 Oct 2018, 15:56

The certificate has been replaced somehow.
Under normal circumstances, you should get a certificate from Yandex CA, not Adguard Personal CA.
Do you use any particular security software? If so, it probably replaced your certificates in one way or another.

User avatar
Isengrim
Lunatic
Lunatic
Posts: 493
Joined: Tue, 08 Sep 2015, 22:54
Location: 127.0.0.1
Contact:

Re: This Connection is Untrusted

Unread postby Isengrim » Wed, 24 Oct 2018, 16:14

The fact that the certificate is being issued by "Adguard Personal CA" means Adguard is causing the issue. I would disable this filtering being done by Adguard if at all possible.

Is Adguard an add-on? If so, try disabling it (or running the browser in Safe Mode) and see if the problem persists.
Last edited by Isengrim on Wed, 24 Oct 2018, 16:14, edited 1 time in total.
Linux Mint 18.3 Cinnamon (64-bit)
Windows 7 (64-bit) (Sometimes)
Windows 10 (64-bit) (Sometimes)
We are our choices.

DarknessStorm
Moongazer
Moongazer
Posts: 12
Joined: Sun, 25 Jun 2017, 04:49

Re: This Connection is Untrusted

Unread postby DarknessStorm » Wed, 24 Oct 2018, 16:26

@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)

User avatar
gepus
Fanatic
Fanatic
Posts: 152
Joined: Thu, 14 Dec 2017, 12:59

Re: This Connection is Untrusted

Unread postby gepus » Wed, 24 Oct 2018, 17:53

Isengrim wrote:Is Adguard an add-on?

It's a third party security software that needs system wide installation and acts as a filtering local proxy. :lol:
https://kb.adguard.com/en/windows/solvi ... ot-trusted

yami_
Fanatic
Fanatic
Posts: 204
Joined: Thu, 26 Apr 2018, 11:05

Re: This Connection is Untrusted

Unread postby yami_ » Wed, 24 Oct 2018, 18:44

DarknessStorm wrote:@yami_
Thx a lot! I totally forgot about installed adguard in background. Seems some of its components worked even with disabled protection (needed completely exit)
No problem. If you want to read more about HTTPS filtering Moonchild has written about it in the past: viewtopic.php?f=24&t=14122.
cat came back from Berkeley waving flags
- rob pike


Return to “Pale Moon Portable”

Who is online

Users browsing this forum: No registered users and 1 guest