Frank-Rainer Grahl wrote:
mozilla-lists.mbou...@spamgourmet.com wrote:
I think the bit about the site using HSTS explains it:
This site uses HTTP Strict Transport Security (HSTS) to specify that
SeaMonkey only connect to it securely. As a result, it is not
possible to add an exception for this certificate.
When you've visited the site before, it's indicated that it uses HSTS,
so SeaMonkey won't allow insecure connections in future.
You probably haven't visited the site before in Firefox, so that
doesn't know the site uses HSTS and allows the exception. Either that
or Firefox allows exceptions despite HSTS - if that is the case, it
might have been changed in a newer version than SeaMonkey is based on.
Exactly. I looked and i think it was SiteSecurityServiceState.txt which
just needed to be edited to allow the override again.
I noticed after posting that you'd mentioned something similar (should
have read the whole thread first, but it seemed to have deteriorated
into "works for me", "me too", "doesn't work for me"...).
SiteSecurityServiceState.txt looks like the one. It might be necessary
to completely exit SeaMonkey before editing it, as I think otherwise it
will get rewritten from an in-memory version. Find the line for the
affected site and just delete it.
Bear in mind that the site had set an HSTS policy to indicate that
browsers should only ever connect securely, and that failure to do so
might indicate that the site or your connection to it has been
compromised (although it's also possible the site has broken the
implicit promise to ensure you'll always be able to connect securely,
for example by letting their certificate expire). You may be OK with
this for a site which you only view, but should be suspicious if such
errors occur on your bank's site.
The real issue is websites setting an HSTS policy, and then not
maintaining their own security configuration, although a UI to bypass it
(with appropriate warnings) might be useful.
--
Mark.
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey