HTTPS proxy cannot be verified

Divested-Mobile / Mull-Fenix

Build scripts for a web browser built upon Mozilla technology

https://divestos.org/pages/our_apps#mull

GNU Affero General Public License v3.0

611 stars 16 forks source link

HTTPS proxy cannot be verified #128

Closed gitterspec closed 1 year ago

gitterspec commented 1 year ago

Using FoxyProxy (also tried ProxySwitchyOmega)

Error when navigating to any website through the proxy: "Secure Connection Failed: The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

The SSL certificate for the proxy server is valid. The exact same setup works without issues in Iceraven and Kiwi. HTTP proxies work fine in Mull, so something is preventing Mull from correctly verifying the SSL cert of an HTTPS proxy, I believe.

SkewedZeppelin commented 1 year ago

https://divestos.org/pages/broken#mull

Mull has strict certificate pinning. If you are using a proxy or VPN that does HTTPS manipulation you'll encounter a "Secure Connection Failed" error. Navigate to about:config and change security.cert_pinning.enforcement_level from 2 to 1, this is however a security and privacy risk.

gitterspec commented 1 year ago

Thanks for the tip. For whatever reason, I also had to disable security.OCSP.require to make it work.