Firefox 44 gets override for weak security certificate errors
When you open a web page currently in the Firefox browser that is using weak cryptography, then you will be redirected to an error page stating that the connection to the page failed.
Mozilla launched the new error page in Firefox 33. Before that, Firefox offered the means to enforce a connection to the site in question.
The reason for the failure to connect is given, for instance "secure connection failed", as is an option to try to connect to the site again or to report the error.
What's not there though is an option to override it. While it is safe to block the connection in these cases, it is problematic that there is no override available.
If you look how Chrome or Internet Explorer handle this, you will notice that they provide overrides to enable users to connect to the site anyway.
This can be useful if you need to sign in to the web interface of a local router for instance that has not received updates in years and is still using cryptography that is considered weak nowadays.
Without an override in place, you would not be able to connect to the interface using Firefox. Mozilla implemented a fallback option in the preferences:
- Type about:config in Firefox's address bar and hit enter.
- Confirm you will be careful.
- Locate the preference security.tls.insecure_fallback_hosts
- Double-click on it and add the hostname of the site you want to add exceptions for, e.g. ghacks.net
- Make sure the hostname matches exactly, as www.ghacks.net and ghacks.net are different.
While that makes sense for sites that you connect to regularly, you may not want to add hostnames permanently to the configuration if you only need temporary access.
While you could edit the preference regularly to turn exceptions on or off when the need arises, it may not be comfortable depending on how often you need to make changes to the preference.
Mozilla will make things easier for Firefox users starting with Firefox 44. The organization plans to add an override to Firefox's secure connection error page.
As you can see on the screenshot above, the new error page will feature an advanced button that you may click on to display an option to visit the site that is considered insecure.
Please note that this is a mockup and subject to change. The planned change would allow Firefox users to bypass weak security errors to visit sites in the browser directly.
Up until now, I have used other browsers to connect to these pages instead if I only needed temporary access to them. (via Sören Hentzschel)
Now You: How do you handle insecure connection errors in Firefox?
Hi Team,
am getting secure connection failed, when i try to access the page. Please suggest me how to proceed further.
“””” Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.””
I tried all the options(ssl) in the about:config as well i deleted the cert8 file as well. Please someone help me to fix the issue.
Which page are you trying to access?
Thanks for the information, but i think entering the hostname of each site that appears insecure is somehow stressful. The easiest way to solve the problem without having to enter each site’s hostname is to change
security.ssl.enable_ocsp_stapling at about:config. More information can be found at http://www.easytins.com/2016/05/how-to-fix-secure-connection-failed.html
https://very.badssl.com/
Is there something wrong with my firefox if it loads this page with a doge pic? I got no block whatsoever from it.
BTW the topic says ‘gets override for weak security certificate errors’ so besides the only small gui change this is still wrong, this certificate about:config switch is present over one year.
Please change the topic to something like ‘FF 44 will enable the a new gui for security cert errors’, the rest is nothing but wrong.
No offensive but facts.
@Sören Hentzschel
The option IS FOR WHITELISTENING in case an page e.g. use RC4. and the option already did exist: http://imagizer.imageshack.com/img633/8062/UfgkGM.png same like normal FF 38 release. Just download it and you will see so my comment is okay.
It’s not easier and it’s not new, just a tweaked option but that’s all.
That paramter is a string. How should multiple site addresses be separated in it?
If anybody knows, is there a way to put a parameter in a link to about:config which will cause it to open with the parameter as a search term?
Don you separate hosts with a comma, e.g. example.com, example1.com
The override switch (was it since they killed ssl (37/38?). The new page is just the old one with a newer look. Original ticket was from end 2014. https://bugzilla.mozilla.org/show_bug.cgi?id=1114816 + https://wiki.centos.org/TipsAndTricks/Firefox38onCentOS.
The original article/source I saw this was this (april 2015 but related to FF 38). http://forums.mozillazine.org/viewtopic.php?f=38&t=2927051
The only stuff I can see is ‘new’ is that there is a report button (which was/is hidden because similar to https-everywhere all broken pages will be send to Mozilla by default).
However, it was not enabled by default after v33. Now they are implementing again as default on v44 onwards.
Bug 1114816 is about a whitelist. It’s not the same feature as the new error page. And if it’s not a feature of Firefox 41, it’s new. So why do you say “please check your articles/sources”? Martin says: “Mozilla will make things easier for Firefox users starting with Firefox 44”. That’s absolutely correct. Mozilla make this easier for users in Firefox 44. ;-)
Martin please check your articles/sources, this isn’t new, it exist since FF38/39 or so.
@CHEF-KOCH:
bug 1207137:
Status: NEW → RESOLVED
Last Resolved: 2 days ago
status-firefox44: affected → fixed
Resolution: — → FIXED
Target Milestone: — → Firefox 44
The override switch or the new error message when you connect to https sites with errors? Can you provide me with a source for that?
I like these little Firefox articles. I reckon gHacks is the single best website for such information.
And the adverts on gHacks today are a huge improvement. I’ve already clicked through on TWO of them because they were interesting and relevant. Well done on whatever change you made over the weekend :)
(spellcheck still doesn’t work on these weird comment boxes thoigh).