On 5/9/2020 7:13 AM, [email protected] wrote:
Frank-Rainer Grahl wrote:
[email protected] wrote:
I think the bit about the site using HSTS explains it:
This site uses HTTP Strict Transport Security (HSTS) to specify that
SeaMonkey only connect to it securely. As a result, it is not
possible to add an exception for this certificate.
When you've visited the site before, it's indicated that it uses
HSTS, so SeaMonkey won't allow insecure connections in future.
You probably haven't visited the site before in Firefox, so that
doesn't know the site uses HSTS and allows the exception. Either
that or Firefox allows exceptions despite HSTS - if that is the case,
it might have been changed in a newer version than SeaMonkey is based
on.
Exactly. I looked and i think it was SiteSecurityServiceState.txt
which just needed to be edited to allow the override again.
I noticed after posting that you'd mentioned something similar (should
have read the whole thread first, but it seemed to have deteriorated
into "works for me", "me too", "doesn't work for me"...).
SiteSecurityServiceState.txt looks like the one. It might be necessary
to completely exit SeaMonkey before editing it, as I think otherwise it
will get rewritten from an in-memory version. Find the line for the
affected site and just delete it.
Bear in mind that the site had set an HSTS policy to indicate that
browsers should only ever connect securely, and that failure to do so
might indicate that the site or your connection to it has been
compromised (although it's also possible the site has broken the
implicit promise to ensure you'll always be able to connect securely,
for example by letting their certificate expire). You may be OK with
this for a site which you only view, but should be suspicious if such
errors occur on your bank's site.
The real issue is websites setting an HSTS policy, and then not
maintaining their own security configuration, although a UI to bypass it
(with appropriate warnings) might be useful.
Ah, thanks. I see two of these in my profile's SiteSecurityServiceState
file:
antville.org:HSTS 44 18391 1620529497904,1,1,2
videos.antville.org:HSTS 46 18391 1620529497913,1,1,2
So, do I just delete these two lines to let me in it with its risks
alert option (with SeaMonkey process not running)?
Also, when did SM start using this list? I have never seen and heard of
this one before. :)
--
:) National Nurse Wk. ..!.. heat wave & illness like
COVID-19/2019-nCoV/SARS-CoV-2! :(
Note: A fixed width font (Courier, Monospace, etc.) is required to see
this signature correctly.
/\___/\ http://aqfl.net & http://antfarm.ma.cx /
/ /\ /\ \ http://antfarm.home.dhs.org
| |o o| | Axe ANT from its address if shown & e-mailing privately.
\ _ / Please kindly use Ant nickname & URL/link if crediting.
( )
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
