search

EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere
Other
3.37k stars 1.09k forks source link

Implement basic connection tests for all rulesets #849

Closed nemobis closed 9 years ago

nemobis commented 9 years ago

It sometimes happens to me that I visit websites which Firefox can't even connect to, because of HE default rewritings. I did some rough checks of the main domains in xml rules (https://gist.github.com/nemobis/127f3e89dc4fb822b086 ) and probably at least those which give an exit code 35 ("SSL connect error. The SSL handshaking failed.") should not be enabled by default? I don't know how many are, but I see more than 0.

curl: (35) Unknown SSL protocol error in connection to 1tw.org:443 curl: (35) Unknown SSL protocol error in connection to 1.usa.gov:443 curl: (35) Unknown SSL protocol error in connection to 2kgames.com:443 curl: (35) Unknown SSL protocol error in connection to 2ksports.com:443 curl: (35) Unknown SSL protocol error in connection to 350zevolution.com:443 curl: (35) Unknown SSL protocol error in connection to a21.tv:443 curl: (35) Unknown SSL protocol error in connection to adspeed.biz:443 curl: (35) Unknown SSL protocol error in connection to adsrvmedia.com:443 curl: (35) Unknown SSL protocol error in connection to adultcineporn.com:443 curl: (35) Unknown SSL protocol error in connection to ajc.com:443 curl: (35) Unknown SSL protocol error in connection to alertsite.com:443 curl: (35) Unknown SSL protocol error in connection to ambest.com:443 curl: (35) Unknown SSL protocol error in connection to ananda.org:443 curl: (35) Unknown SSL protocol error in connection to apne.ws:443 curl: (35) Unknown SSL protocol error in connection to argos-spain.co.uk:443 curl: (35) Unknown SSL protocol error in connection to arisebitcoin.com:443 curl: (35) Unknown SSL protocol error in connection to ars.to:443 curl: (35) Unknown SSL protocol error in connection to artinstitutes.edu:443 curl: (35) Unknown SSL protocol error in connection to asiointi.hel.fi:443 curl: (35) Unknown SSL protocol error in connection to aspectsecurity.com:443 curl: (35) Unknown SSL protocol error in connection to balatarin.com:443 curl: (35) Unknown SSL protocol error in connection to bargains4business.com.au:443 curl: (35) Unknown SSL protocol error in connection to bbc.in:443 curl: (35) Unknown SSL protocol error in connection to bellsouth.com:443 curl: (35) Unknown SSL protocol error in connection to berkeleychessschool.org:443 curl: (35) Unknown SSL protocol error in connection to bioshockinfinite.com:443 curl: (35) Unknown SSL protocol error in connection to bitcoinmarket24.com:443 curl: (35) Unknown SSL protocol error in connection to bitly.pro:443 curl: (35) Unknown SSL protocol error in connection to bizrate.com:443 curl: (35) Unknown SSL protocol error in connection to blink-182.com:443 curl: (35) Unknown SSL protocol error in connection to blogger.co.uk:443 curl: (35) Unknown SSL protocol error in connection to blog.usenetstorm.com:443 curl: (35) Unknown SSL protocol error in connection to bluegenio.com:443 curl: (35) Unknown SSL protocol error in connection to boe.es:443 curl: (35) Unknown SSL protocol error in connection to bradford.gov.uk:443 curl: (35) Unknown SSL protocol error in connection to bucketlistly.com:443 curl: (35) Unknown SSL protocol error in connection to buzzurl.jp.eimg.jp:443 curl: (35) Unknown SSL protocol error in connection to carepackage.org:443 curl: (35) Unknown SSL protocol error in connection to casaar.com:443 curl: (35) Unknown SSL protocol error in connection to chambal.com:443 curl: (35) Unknown SSL protocol error in connection to chromerooms.com:443 curl: (35) Unknown SSL protocol error in connection to chzb.gr:443 curl: (35) Unknown SSL protocol error in connection to click-finder.jp:443 curl: (35) Unknown SSL protocol error in connection to click.showcase-tv.jp:443 curl: (35) Unknown SSL protocol error in connection to clicktale.com:443 curl: (35) Unknown SSL protocol error in connection to clicktale.net:443 curl: (35) Unknown SSL protocol error in connection to clientservices.automatedqa.com:443 curl: (35) Unknown SSL protocol error in connection to cognitivedissidents.com:443 curl: (35) Unknown SSL protocol error in connection to colossal.com:443 curl: (35) Unknown SSL protocol error in connection to consumersniper.com:443 curl: (35) Unknown SSL protocol error in connection to content.dyson.co.uk:443 curl: (35) Unknown SSL protocol error in connection to coxbusiness.com:443 curl: (35) Unknown SSL protocol error in connection to cs.is:443 curl: (35) Unknown SSL protocol error in connection to css.pantheos.com:443 curl: (35) Unknown SSL protocol error in connection to cts.vresp.com:443 curl: (35) Unknown SSL protocol error in connection to cwspodmusic.com:443 curl: (35) Unknown SSL protocol error in connection to dagensbedste.dk:443 curl: (35) Unknown SSL protocol error in connection to dbackpolice.com:443 curl: (35) Unknown SSL protocol error in connection to ditii.com:443 curl: (35) Unknown SSL protocol error in connection to dly.do:443 curl: (35) Unknown SSL protocol error in connection to do.co:443 curl: (35) Unknown SSL protocol error in connection to dynamicweb.it:443 curl: (35) Unknown SSL protocol error in connection to economist.com:443 curl: (35) Unknown SSL protocol error in connection to edeveloperz.com:443 curl: (35) Unknown SSL protocol error in connection to efukt.com:443 curl: (35) Unknown SSL protocol error in connection to elq.to:443 curl: (35) Unknown SSL protocol error in connection to evermap.com:443 curl: (35) Unknown SSL protocol error in connection to explorechicago.org:443 curl: (35) Unknown SSL protocol error in connection to faancollegenetwork.org:443 curl: (35) Unknown SSL protocol error in connection to falcon-uav.com:443 curl: (35) Unknown SSL protocol error in connection to fax.org:443 curl: (35) Unknown SSL protocol error in connection to filmbreak.com:443 curl: (35) Unknown SSL protocol error in connection to finkmanufacturing.com:443 curl: (35) Unknown SSL protocol error in connection to finnchamber.com:443 curl: (35) Unknown SSL protocol error in connection to fishbase.us:443 curl: (35) Unknown SSL protocol error in connection to flexinvestments.net:443 curl: (35) Unknown SSL protocol error in connection to flyersrights.com:443 curl: (35) Unknown SSL protocol error in connection to foreverinfamous.com:443 curl: (35) Unknown SSL protocol error in connection to fox-toolkit.net:443 curl: (35) Unknown SSL protocol error in connection to freebase.com:443 curl: (35) Unknown SSL protocol error in connection to freebaselibs.com:443 curl: (35) Unknown SSL protocol error in connection to fundageek.com:443 curl: (35) Unknown SSL protocol error in connection to gaiaonlinehelp.com:443 curl: (35) Unknown SSL protocol error in connection to gbot.me:443 curl: (35) Unknown SSL protocol error in connection to gcentral.biz:443 curl: (35) Unknown SSL protocol error in connection to gearhog.com:443 curl: (35) Unknown SSL protocol error in connection to givingcomfort.com:443 curl: (35) Unknown SSL protocol error in connection to gmedianetworks.com:443 curl: (35) Unknown SSL protocol error in connection to godl.co:443 curl: (35) Unknown SSL protocol error in connection to godownloadsongs.com:443 curl: (35) Unknown SSL protocol error in connection to good.net:443 curl: (35) Unknown SSL protocol error in connection to goodnet.com:443 curl: (35) Unknown SSL protocol error in connection to goslice.com:443 curl: (35) Unknown SSL protocol error in connection to gridzdirect.com:443 curl: (35) Unknown SSL protocol error in connection to hercules.rr.com:443 curl: (35) Unknown SSL protocol error in connection to hlat.us:443 curl: (35) Unknown SSL protocol error in connection to hmv.com:443 curl: (35) Unknown SSL protocol error in connection to hmv.co.uk:443 curl: (35) Unknown SSL protocol error in connection to hud.gov:443 curl: (35) Unknown SSL protocol error in connection to hustlercanada.com:443 curl: (35) Unknown SSL protocol error in connection to infosecurity-magazine.com:443 curl: (35) Unknown SSL protocol error in connection to instantpage.me:443 curl: (35) Unknown SSL protocol error in connection to intechnology.co.uk:443 curl: (35) Unknown SSL protocol error in connection to interc.pt:443 curl: (35) Unknown SSL protocol error in connection to isisaccreditation.imrg.org:443 curl: (35) Unknown SSL protocol error in connection to javascriptmvc.com:443 curl: (35) Unknown SSL protocol error in connection to khn.nl:443 curl: (35) Unknown SSL protocol error in connection to kneon.com:443 curl: (35) Unknown SSL protocol error in connection to konstfack.se:443 curl: (35) Unknown SSL protocol error in connection to labbb.org:443 curl: (35) Unknown SSL protocol error in connection to lat.ms:443 curl: (35) Unknown SSL protocol error in connection to lemde.fr:443 curl: (35) Unknown SSL protocol error in connection to linksalpha.com:443 curl: (35) Unknown SSL protocol error in connection to linksysbycisco.com:443 curl: (35) Unknown SSL protocol error in connection to litehosting.org:443 curl: (35) Unknown SSL protocol error in connection to locaweb.com.br:443 curl: (35) Unknown SSL protocol error in connection to login.numergy.com:443 curl: (35) Unknown SSL protocol error in connection to lotusoriginals.com:443 curl: (35) Unknown SSL protocol error in connection to marketwire.com:443 curl: (35) Unknown SSL protocol error in connection to markonefoods.com:443 curl: (35) Unknown SSL protocol error in connection to mbl.is:443 curl: (35) Unknown SSL protocol error in connection to media.marketwire.com:443 curl: (35) Unknown SSL protocol error in connection to media.pantheos.com:443 curl: (35) Unknown SSL protocol error in connection to media.skyandtelescope.com:443 curl: (35) Unknown SSL protocol error in connection to metapress.org:443 curl: (35) Unknown SSL protocol error in connection to mtmweb.com:443 curl: (35) Unknown SSL protocol error in connection to mybenefitscalwin.net:443 curl: (35) Unknown SSL protocol error in connection to mybitcointrade.com:443 curl: (35) Unknown SSL protocol error in connection to mygreenbeanextract.com:443 curl: (35) Unknown SSL protocol error in connection to mzl.la:443 curl: (35) Unknown SSL protocol error in connection to narac.com:443 curl: (35) Unknown SSL protocol error in connection to navicast.co.jp:443 curl: (35) Unknown SSL protocol error in connection to netseer.com:443 curl: (35) Unknown SSL protocol error in connection to networkedblogs.com:443 curl: (35) Unknown SSL protocol error in connection to nmargin.com:443 curl: (35) Unknown SSL protocol error in connection to n.pr:443 curl: (35) Unknown SSL protocol error in connection to nyti.ms:443 curl: (35) Unknown SSL protocol error in connection to okpartypix.com:443 curl: (35) Unknown SSL protocol error in connection to olb2.nationet.com:443 curl: (35) Unknown SSL protocol error in connection to olb.nationwideinternational.com:443 curl: (35) Unknown SSL protocol error in connection to olb.nationwideuk.ie:443 curl: (35) Unknown SSL protocol error in connection to on.cfr.org:443 curl: (35) Unknown SSL protocol error in connection to on.wsj.com:443 curl: (35) Unknown SSL protocol error in connection to oomphme.com:443 curl: (35) Unknown SSL protocol error in connection to os3sec.org:443 curl: (35) Unknown SSL protocol error in connection to osa.org:443 curl: (35) Unknown SSL protocol error in connection to outernet.is:443 curl: (35) Unknown SSL protocol error in connection to pantheos.com:443 curl: (35) Unknown SSL protocol error in connection to pcmd.ac.uk:443 curl: (35) Unknown SSL protocol error in connection to pengpod.com:443 curl: (35) Unknown SSL protocol error in connection to pixoto.com:443 curl: (35) Unknown SSL protocol error in connection to polymer-project.org:443 curl: (35) Unknown SSL protocol error in connection to pricerunner.com:443 curl: (35) Unknown SSL protocol error in connection to product.adingo.jp.eimg.jp:443 curl: (35) Unknown SSL protocol error in connection to projectslice.com:443 curl: (35) Unknown SSL protocol error in connection to prudentbear.com:443 curl: (35) Unknown SSL protocol error in connection to pulpcentral.com:443 curl: (35) Unknown SSL protocol error in connection to qualityagent.com:443 curl: (35) Unknown SSL protocol error in connection to rapidbuyr.com:443 curl: (35) Unknown SSL protocol error in connection to rbl.ms:443 curl: (35) Unknown SSL protocol error in connection to realtidbits.com:443 curl: (35) Unknown SSL protocol error in connection to reelstatic.com:443 curl: (35) Unknown SSL protocol error in connection to reputation.com:443 curl: (35) Unknown SSL protocol error in connection to reut.rs:443 curl: (35) Unknown SSL protocol error in connection to rhul.ac.uk:443 curl: (35) Unknown SSL protocol error in connection to rr.com:443 curl: (35) Unknown SSL protocol error in connection to sanwork.com:443 curl: (35) Unknown SSL protocol error in connection to schiedam.nl:443 curl: (35) Unknown SSL protocol error in connection to searchterms.com:443 curl: (35) Unknown SSL protocol error in connection to secure.game.se:443 curl: (35) Unknown SSL protocol error in connection to securityexe.com:443 curl: (35) Unknown SSL protocol error in connection to sharpfile.com:443 curl: (35) Unknown SSL protocol error in connection to sickdaysurfshop.com:443 curl: (35) Unknown SSL protocol error in connection to siff.net:443 curl: (35) Unknown SSL protocol error in connection to sizzlesitesinc.com:443 curl: (35) Unknown SSL protocol error in connection to slate.me:443 curl: (35) Unknown SSL protocol error in connection to socialprogressimperative.org:443 curl: (35) Unknown SSL protocol error in connection to sophievipescort.com:443 curl: (35) Unknown SSL protocol error in connection to southern-electric.co.uk:443 curl: (35) Unknown SSL protocol error in connection to spriza.com:443 curl: (35) Unknown SSL protocol error in connection to star-pool.com:443 curl: (35) Unknown SSL protocol error in connection to state.gov:443 curl: (35) Unknown SSL protocol error in connection to sublimevideo.net:443 curl: (35) Unknown SSL protocol error in connection to switch.co:443 curl: (35) Unknown SSL protocol error in connection to theatln.tc:443 curl: (35) Unknown SSL protocol error in connection to thecanadianpress.com:443 curl: (35) Unknown SSL protocol error in connection to the-group.net:443 curl: (35) Unknown SSL protocol error in connection to theiabm.org:443 curl: (35) Unknown SSL protocol error in connection to thesatanictemple.org:443 curl: (35) Unknown SSL protocol error in connection to theskoop.ca:443 curl: (35) Unknown SSL protocol error in connection to thetimes.co.uk:443 curl: (35) Unknown SSL protocol error in connection to tl63.co.uk:443 curl: (35) Unknown SSL protocol error in connection to tmp.com:443 curl: (35) Unknown SSL protocol error in connection to t-online.de.intellitxt.com:443 curl: (35) Unknown SSL protocol error in connection to to.pbs.org:443 curl: (35) Unknown SSL protocol error in connection to tornadoweb.org:443 curl: (35) Unknown SSL protocol error in connection to transactauto.com:443 curl: (35) Unknown SSL protocol error in connection to travelingnuker.com:443 curl: (35) Unknown SSL protocol error in connection to tumeapp.com:443 curl: (35) Unknown SSL protocol error in connection to ubm.io:443 curl: (35) Unknown SSL protocol error in connection to ucla.in:443 curl: (35) Unknown SSL protocol error in connection to unblock-us.com:443 curl: (35) Unknown SSL protocol error in connection to unisys.com:443 curl: (35) Unknown SSL protocol error in connection to unodc.org:443 curl: (35) Unknown SSL protocol error in connection to unpac.org:443 curl: (35) Unknown SSL protocol error in connection to uproxy.org:443 curl: (35) Unknown SSL protocol error in connection to upsploit.com:443 curl: (35) Unknown SSL protocol error in connection to usat.ly:443 curl: (35) Unknown SSL protocol error in connection to virustotal.com:443 curl: (35) Unknown SSL protocol error in connection to vub.sk:443 curl: (35) Unknown SSL protocol error in connection to vvcap.net:443 curl: (35) Unknown SSL protocol error in connection to waeplus.co.uk:443 curl: (35) Unknown SSL protocol error in connection to walk.sc:443 curl: (35) Unknown SSL protocol error in connection to wapo.st:443 curl: (35) Unknown SSL protocol error in connection to webct.ucsd.edu:443 curl: (35) Unknown SSL protocol error in connection to webtrust.org:443 curl: (35) Unknown SSL protocol error in connection to weeklyplus.com:443 curl: (35) Unknown SSL protocol error in connection to wolfsonmicro.com:443 curl: (35) Unknown SSL protocol error in connection to world-television.com:443 curl: (35) Unknown SSL protocol error in connection to wrd.cm:443 curl: (35) Unknown SSL protocol error in connection to wrzru.com:443 curl: (35) Unknown SSL protocol error in connection to wwdomains.com:443 curl: (35) Unknown SSL protocol error in connection to www.1tw.org:443 curl: (35) Unknown SSL protocol error in connection to www.adultcineporn.com:443 curl: (35) Unknown SSL protocol error in connection to www.argos-spain.co.uk:443 curl: (35) Unknown SSL protocol error in connection to www.arisebitcoin.com:443 curl: (35) Unknown SSL protocol error in connection to www.bitcoinmarket24.com:443 curl: (35) Unknown SSL protocol error in connection to www.bitly.com:443 curl: (35) Unknown SSL protocol error in connection to www.bitly.pro:443 curl: (35) Unknown SSL protocol error in connection to www.blink-182.com:443 curl: (35) Unknown SSL protocol error in connection to www.bradford.gov.uk:443 curl: (35) Unknown SSL protocol error in connection to www.casaar.com:443 curl: (35) Unknown SSL protocol error in connection to www.chinalaborwatch.org:443 curl: (35) Unknown SSL protocol error in connection to www.chromerooms.com:443 curl: (35) Unknown SSL protocol error in connection to www.consumersniper.com:443 curl: (35) Unknown SSL protocol error in connection to www.cp.org:443 curl: (35) Unknown SSL protocol error in connection to www.cxcloud.com:443 curl: (35) Unknown SSL protocol error in connection to www.dagensbedste.dk:443 curl: (35) Unknown SSL protocol error in connection to www.diasporaproject.org:443 curl: (35) Unknown SSL protocol error in connection to www.ditii.com:443 curl: (35) Unknown SSL protocol error in connection to www.dynamicweb.it:443 curl: (35) Unknown SSL protocol error in connection to www.econda-monitor.de:443 curl: (35) Unknown SSL protocol error in connection to www.efukt.com:443 curl: (35) Unknown SSL protocol error in connection to www.evermap.com:443 curl: (35) Unknown SSL protocol error in connection to www.faancollegenetwork.org:443 curl: (35) Unknown SSL protocol error in connection to www.finkmanufacturing.com:443 curl: (35) Unknown SSL protocol error in connection to www.gcentral.biz:443 curl: (35) Unknown SSL protocol error in connection to www.givingcomfort.com:443 curl: (35) Unknown SSL protocol error in connection to www.godownloadsongs.com:443 curl: (35) Unknown SSL protocol error in connection to www.gridzdirect.com:443 curl: (35) Unknown SSL protocol error in connection to www.heusden.nl:443 curl: (35) Unknown SSL protocol error in connection to www.html5rocks.com:443 curl: (35) Unknown SSL protocol error in connection to www.hustlercanada.com:443 curl: (35) Unknown SSL protocol error in connection to www.intechnology.co.uk:443 curl: (35) Unknown SSL protocol error in connection to www.labbb.org:443 curl: (35) Unknown SSL protocol error in connection to www.linksysbycisco.com:443 curl: (35) Unknown SSL protocol error in connection to www.litehosting.org:443 curl: (35) Unknown SSL protocol error in connection to www.lotusoriginals.com:443 curl: (35) Unknown SSL protocol error in connection to www.marketwire.com:443 curl: (35) Unknown SSL protocol error in connection to www.markonefoods.com:443 curl: (35) Unknown SSL protocol error in connection to www.metapress.org:443 curl: (35) Unknown SSL protocol error in connection to www.mtmweb.com:443 curl: (35) Unknown SSL protocol error in connection to www.mybenefitscalwin.net:443 curl: (35) Unknown SSL protocol error in connection to www.mybitcointrade.com:443 curl: (35) Unknown SSL protocol error in connection to www.mzl.la:443 curl: (35) Unknown SSL protocol error in connection to www.narac.com:443 curl: (35) Unknown SSL protocol error in connection to www.nl.frieslandcampina.com:443 curl: (35) Unknown SSL protocol error in connection to www.nmargin.com:443 curl: (35) Unknown SSL protocol error in connection to www.occupywallst.org:443 curl: (35) Unknown SSL protocol error in connection to www.openuserjs.org:443 curl: (35) Unknown SSL protocol error in connection to www.os3sec.org:443 curl: (35) Unknown SSL protocol error in connection to www.pantheos.com:443 curl: (35) Unknown SSL protocol error in connection to www.prudentbear.com:443 curl: (35) Unknown SSL protocol error in connection to www.rbl.ms:443 curl: (35) Unknown SSL protocol error in connection to www.rr.com:443 curl: (35) Unknown SSL protocol error in connection to www.schiedam.nl:443 curl: (35) Unknown SSL protocol error in connection to www.scrapbookroyalty.org:443 curl: (35) Unknown SSL protocol error in connection to www.securityexe.com:443 curl: (35) Unknown SSL protocol error in connection to www.server.cpmstar.com:443 curl: (35) Unknown SSL protocol error in connection to www.sharpfile.com:443 curl: (35) Unknown SSL protocol error in connection to www.siff.net:443 curl: (35) Unknown SSL protocol error in connection to www.sophievipescort.com:443 curl: (35) Unknown SSL protocol error in connection to www.star-pool.com:443 curl: (35) Unknown SSL protocol error in connection to www.telekom.at:443 curl: (35) Unknown SSL protocol error in connection to www.theiabm.org:443 curl: (35) Unknown SSL protocol error in connection to www.thesatanictemple.org:443 curl: (35) Unknown SSL protocol error in connection to www.theskoop.ca:443 curl: (35) Unknown SSL protocol error in connection to www.tl63.co.uk:443 curl: (35) Unknown SSL protocol error in connection to www.transactauto.com:443 curl: (35) Unknown SSL protocol error in connection to www.tumeapp.com:443 curl: (35) Unknown SSL protocol error in connection to www.uaf.uu.se:443 curl: (35) Unknown SSL protocol error in connection to www.unodc.org:443 curl: (35) Unknown SSL protocol error in connection to www.unpac.org:443 curl: (35) Unknown SSL protocol error in connection to www.vvcap.net:443 curl: (35) Unknown SSL protocol error in connection to www.weeklyplus.com:443 curl: (35) Unknown SSL protocol error in connection to www.wolfsonmicro.com:443 curl: (35) Unknown SSL protocol error in connection to www.wwdomains.com:443 curl: (35) Unknown SSL protocol error in connection to www.xhamsterinfo.com:443 curl: (35) Unknown SSL protocol error in connection to www.xoskins.com:443 curl: (35) Unknown SSL protocol error in connection to www.ysubookstore.com:443 curl: (35) Unknown SSL protocol error in connection to xhamsterinfo.com:443 curl: (35) Unknown SSL protocol error in connection to ysubookstore.com:443 curl: (35) Unknown SSL protocol error in connection to zenfolio.com:443 curl: (35) Unknown SSL protocol error in connection to zingcheckout.com:443

Which seem to correspond to 

<ruleset name="1TW.org">
<ruleset name="2K Sports">
<ruleset name="350zEvolution.com">
<ruleset name="A.M. Best Company (partial)">
<ruleset name="Act.demandprogress.org">
<ruleset name="AdSpeed (partial)">
<ruleset name="Ananda Sangha">
<ruleset name="Anyproz">
<ruleset name="Arisebitcoin.com">
<ruleset name="Ars Technica (partial)">
<ruleset name="Aspect Security">
<ruleset name="Balatarin" platform="mixedcontent">
<ruleset name="Bargains 4 Business">
<ruleset name="BellSouth (partial)">
<ruleset name="Berkeley Chess School (partial)">
<ruleset name="BioShock Infinite">
<ruleset name="Bitcoin Börse">
<ruleset name="Bitcoin Market 24">
<ruleset name="Bizrate.com (partial)">
<ruleset name="BlueGenio.com">
<ruleset name="Boe.es">
<ruleset name="BucketListly.com (partial)">
<ruleset name="CAREpackage (partial)">
<ruleset name="CWSPOD Music (partial)" platform="mixedcontent">
<ruleset name="Casaar.com (false MCB)" platform="mixedcontent">
<ruleset name="Casaar.com (partial)">
<ruleset name="Center for American Progress (partial)">
<ruleset name="Chambal (partial)">
<ruleset name="Charity Wings" platform="mixedcontent">
<ruleset name="Chrome Rooms.com">
<ruleset name="ClickTale">
<ruleset name="CloudSwitch">
<ruleset name="Comodo">
<ruleset name="ConsumerSniper.com">
<ruleset name="DbackPolice.com">
<ruleset name="Demand Progress">
<ruleset name="Economist (partial)">
<ruleset name="EuroPriSe" platform="mixedcontent">
<ruleset name="EverMap.com">
<ruleset name="FilmBreak">
<ruleset name="Fineproxy.org (partial)">
<ruleset name="Flex Investments">
<ruleset name="Fluendo (partial)">
<ruleset name="FlyersRights.org">
<ruleset name="Freebase (partial)">
<ruleset name="FundaGeek (partial)">
<ruleset name="G Central">
<ruleset name="GAME.se (partial)">
<ruleset name="GivingComfort.org">
<ruleset name="GivingPrograms.com" platform="mixedcontent">
<ruleset name="Gogobot (partial)">
<ruleset name="Good.net">
<ruleset name="Good.net">
<ruleset name="Green Coffee Bean Extract">
<ruleset name="Gridz Direct.com (false MCB)" platform="mixedcontent">
<ruleset name="HMV">
<ruleset name="HabboLatino">
<ruleset name="Helsinki (partial)">
<ruleset name="IABM">
<ruleset name="InTechnology.co.uk">
<ruleset name="Infamous">
<ruleset name="Interactive Media in Retail Group (partial)">
<ruleset name="Interc.pt">
<ruleset name="Invodo (partial)">
<ruleset name="JavaScriptMVC (partial)">
<ruleset name="Jimdo (partial)">
<ruleset name="KHN.nl">
<ruleset name="Kneon.com (partial)">
<ruleset name="Konstfack.se" platform="mixedcontent">
<ruleset name="Le Monde.fr (partial)">
<ruleset name="LinksAlpha.com (partial)">
<ruleset name="Linksysbycisco.com" platform="mixedcontent">
<ruleset name="Linksysbycisco.com" platform="mixedcontent">
<ruleset name="LiteHosting.org (partial)">
<ruleset name="Locaweb (partial)">
<ruleset name="Marketwire">
<ruleset name="Mastermind">
<ruleset name="MetaPress (partial)">
<ruleset name="Monoprice">
<ruleset name="Narac.com">
<ruleset name="Nationwide Building Society (partial)">
<ruleset name="Necessary and Proportionate.org">
<ruleset name="NetSeer">
<ruleset name="NetworkedBlogs">
<ruleset name="Nintendo.com (partial) ">
<ruleset name="Occupywallst.org">
<ruleset name="Outernet">
<ruleset name="PULP">
<ruleset name="Pagoda Box">
<ruleset name="Pantheos (partial)">
<ruleset name="PaulDotCom.com (partial, false MCB)" platform="mixedcontent">
<ruleset name="PengPod.com">
<ruleset name="Peninsula College of Medicine &amp; Dentistry (partial)">
<ruleset name="Pheedo.com (partial)">
<ruleset name="Pixoto">
<ruleset name="Polymer-Project.org">
<ruleset name="PriceRunner (partial)" platform="mixedcontent">
<ruleset name="PrintFriendly (partial)">
<ruleset name="Public.Resource.Org">
<ruleset name="QualityAgent (partial)">
<ruleset name="RHUL.ac.uk (partial)">
<ruleset name="Rbl.Ms (partial)">
<ruleset name="Realtidbits (partial)">
<ruleset name="Reed Exhibitions (partial)" platform="mixedcontent">
<ruleset name="Reputation.com (partial)">
<ruleset name="RoadRunner" platform="mixedcontent">
<ruleset name="RoadRunner" platform="mixedcontent">
<ruleset name="SIFF">
<ruleset name="SIFF">
<ruleset name="Sanworks">
<ruleset name="Scrambl.is">
<ruleset name="Sedo.com">
<ruleset name="SharpFile.com (partial)" platform="mixedcontent">
<ruleset name="Showcase-TV" platform="mixedcontent">
<ruleset name="SickDay surf shop.com">
<ruleset name="Site Blindado">
<ruleset name="Sizzle Sites">
<ruleset name="SmartBear (partial)">
<ruleset name="Songsterr.com (partial)">
<ruleset name="SouthernElectric" platform="mixedcontent">
<ruleset name="Space Inch (partial)" platform="mixedcontent">
<ruleset name="Spriza.com">
<ruleset name="Star-Pool (partial)">
<ruleset name="SublimeVideo (partial)">
<ruleset name="Sunshinepress.org" platform="firefox">
<ruleset name="Switch.co">
<ruleset name="T-Online (partial)">
<ruleset name="TMP.com">
<ruleset name="Temando.com">
<ruleset name="The Art Institutes (partial)">
<ruleset name="The Canadian Press">
<ruleset name="The Group">
<ruleset name="The Skoop">
<ruleset name="The Times">
<ruleset name="ThinkProgress.org (false MCB)" platform="mixedcontent">
<ruleset name="ThisisColossal.com (false MCB)" platform="mixedcontent">
<ruleset name="TorrentPrivacy (partial)" platform="mixedcontent">
<ruleset name="Transact Auto">
<ruleset name="Travelingnuker.com">
<ruleset name="UNODC.org" platform="mixedcontent">
<ruleset name="UNODC.org" platform="mixedcontent">
<ruleset name="US Department of Housing and Urban Development (partial)">
<ruleset name="Unblock-Us.com (partial)">
<ruleset name="Unisys.com (partial)">
<ruleset name="VerticalResponse">
<ruleset name="VirusTotal">
<ruleset name="Vub.sk">
<ruleset name="WRZRU">
<ruleset name="WebTrust (partial)">
<ruleset name="WeeklyPlus (partial)">
<ruleset name="Wolfson Microelectronics (partial)">
<ruleset name="World Television">
<ruleset name="XO Skins" platform="mixedcontent">
<ruleset name="Youngstown State University Bookstore">
<ruleset name="Youngstown State University Bookstore">
<ruleset name="Zedo (partial)">
<ruleset name="Zenfolio (partial)">
<ruleset name="Zing Checkout.com (partial)">
<ruleset name="adsrvmedia.com">
<ruleset name="adultcineporn.com">
<ruleset name="amiando (partial)">
<ruleset name="bit.ly vanity domains">
<ruleset name="blink-182 (partial)">
<ruleset name="brevado">
<ruleset name="dotCOM host">
<ruleset name="eDeveloperz (partial)">
<ruleset name="eFukt.com">
<ruleset name="econda-monitor.de">
<ruleset name="gmedianetworks.com">
<ruleset name="mbl.is (partial)">
<ruleset name="os3sec.org">
<ruleset name="pro186.com (partial)">
<ruleset name="uProxy.org">
<ruleset name="unPAC">
<ruleset name="upSploit.com">
nemobis commented 9 years ago

Should/can I just proceed to send a pull request for a batch rules update? Cc @semenko, @reedy.

reedy commented 9 years ago

I can't see any reason why not.. There's good reason to update/disable/remove these rulesets

reedy commented 9 years ago 
[18:50:52] <Negres0> Could someone for whom github works reopen it (#849), please.
jsha commented 9 years ago

@nemobis yes, please do submit a pull request removing these target domains from their rulesets. If they are the only target in their ruleset, delete the entire ruleset. Thanks!

jsha commented 9 years ago

@2d1, any chance you'd be interested in putting together a pull requests that removes these non-accepting domains from rulesets? I'm hoping to promote the 5.0 branch to stable by the end of the month, and this seems like something that should definitely be included.

nemobis commented 9 years ago

I'm working on this right now. Some sources of error are unclear, for instance https://zingcheckout.com seems to be about a self-signed certificate and other errors I don't understand:

$ curl -I https://asiointi.hel.fi
curl: (35) Encountered end of file
nemobis commented 9 years ago

I sent a PR but it needs review, unless it's ok to risk reducing thoroughness in favour of not breaking users' browsing by default.

nemobis commented 9 years ago

Maybe your curl script ran into a transient failure? Would be good to run again and check the difference, in case other domains got caught by transient failures.

I can rerun the script, but it takes several hours: it would be useful for me to know if failures from certificates errors should be ignored or not and what timeout to set. Also, I see test.sh does fancy checks for domains, perhaps I should look into adding a curl/something test in there.

jsha commented 9 years ago

The place to add a more robust version of this test would be in src/chrome/content/ruleset-tests.js, which currently only tests for mixed content blocking. Would be great to have it test for failed connections (and also output a set of ruleset files to fix).

Yes, certificate errors should definitely count as a problem. Timeout can be generous, say 30 seconds.

nemobis commented 9 years ago

I'll look into ruleset-tests.js.

jsha, 22/01/2015 20:12:

Yes, certificate errors should definitely count as a problem. Timeout can be generous, say 30 seconds.

Ok. It will probably take a day then.

fuzzyroddis commented 9 years ago

@nemobis interesting that https://www.ssllabs.com/ssltest/analyze.html?d=asiointi.hel.fi&latest shows it to work.

I remember reading about the protocol handshake version causing problems and something like https://serverfault.com/a/496999 may fix it.

I should reread over Bulletproof SSL and TLS.

fuzzyroddis commented 9 years ago

@nemobis I chose a host at random from the original list: evermap.com, but it does work | https://www.ssllabs.com/ssltest/analyze.html?d=evermap.com

I also noticed virustotal which I use a lot and has supported https for a while now: curl: (35) Unknown SSL protocol error in connection to virustotal.com:443

I tried using curl myself:

# curl -i -X HEAD https://virustotal.com
curl: (35) Unknown SSL protocol error in connection to virustotal.com:443

Hm.. turns out no-www doesn't work.

nemobis commented 9 years ago

Steven Roddis, 29/01/2015 10:25:

@nemobis I chose a host at random from the original list: evermap.com, but it does work | https://www.ssllabs.com/ssltest/analyze.html?d=evermap.com

I also noticed virustotal which I use a lot and has supported https for a while now: |curl: (35) Unknown SSL protocol error in connection to virustotal.com:443|

Maybe the first was a temporary issue; the second is because the second level domain is not configured, while https://www.virustotal.com/ works.

If we want to work on the current patch, I'll process such comments as they come in or others can amend the patch as they wish (does that need me to give push rights in my fork?).

If we want a more comprehensive and safer approach, that's #979 + #529. (I'll leave a comment in the latter in a moment, please check and lend a hand if possible.)

jsha commented 9 years ago

@nemobis: I'd like to be able to merge this patch, since I think we definitely need to take a more aggressive approach to disabling rulesets that might be bad. However, the evermap example points out a big problem with the methodology: The ruleset actually indicates in a comment the www.evermap.com doesn't work, only evermap.com. And the rewrite rules take care of that by rewriting www.evermap.com to evermap.com.

I think we probably do need to pursue the more complex approach of updating ruleset-tests.js.

nemobis commented 9 years ago

jsha, 29/01/2015 18:51:

I think we probably do need to pursue the more complex approach of updating ruleset-tests.js.

Indeed. We can call my patch a proof of concept at best. ;)

fuzzyroddis commented 9 years ago

The ruleset actually indicates in a comment the www.evermap.com doesn't work, only evermap.com. Ah that would make sense.

Tonight I'm going to run https://github.com/ssllabs/ssllabs-scan with the list here https://github.com/EFForg/https-everywhere/issues/849#issue-53071543

Thanks @nemobis you are doing a good job.

jsha commented 9 years ago

One other possible tool: I have on old branch that uses the rewrite rules in Node: https://github.com/EFForg/https-everywhere/pull/81. It was intended to help webmaster rewrite their pages. But it could be a useful and high-performing way to run a set of input URLs through rewriting, then fetch the results (in Node) and check for connection failure, bad cert, etc. This might be a lighter-weight solution than the full ruleset-tests.js approach which takes a very long time.

fuzzyroddis commented 9 years ago

After running: ./ssllabs-scan --quiet --hostfile httpsE.txt --usecache --grade > httpsE.log and removing F and M grades I got:

alertsite.com: B
ananda.org: B
aspectsecurity.com: C
bizrate.com: B
bradford.gov.uk: C
click-finder.jp: C
click.showcase-tv.jp: C
cts.vresp.com: C
evermap.com: B
filmbreak.com: A
godownloadsongs.com: A-
efukt.com: A
goslice.com: B
login.numergy.com: C
locaweb.com.br: C
media.marketwire.com: C
marketwire.com: C
navicast.co.jp: C
pixoto.com: B
reputation.com: B
rhul.ac.uk: B
schiedam.nl: B
spriza.com: B
sublimevideo.net: B
www.bradford.gov.uk: C
unodc.org: B
www.efukt.com: A
www.evermap.com: B
www.godownloadsongs.com: A-
www.bitly.com: A
www.marketwire.com: C
www.schiedam.nl: B
www.unodc.org: B
ysubookstore.com: C
www.ysubookstore.com: C
www.server.cpmstar.com: C
zenfolio.com: C
www.openuserjs.org: C
jsha commented 9 years ago

I wrote a ruleset tester in Node that takes into account rewrites and keeps track of corresponding rulesets. It also produces some false positives that I need to track down, but it is worth trying. You can pull it from my rules-tester branch:

https://github.com/jsha/https-everywhere/tree/rules-tester

To use it, run

js rewriter/tester.js

or, to test only rulesets whose filename matches a given pattern, run:

js rewriter/tester.js EFF

jsha commented 9 years ago

Oh, first you will have to:

cd rewriter
npm install
jsha commented 9 years ago

Summary of existing tools to do this:

Micah's ruleset tester in src/chrome/content/ruleset-tests.js. Advantages: runs in browser with real extension, so is most accurate simulation. Disadvantages: Requires manual start, is very slow and resource intensive, only looks for mixed content, output must be copied and paste, currently doesn't work.

Peter's test script in util/single_rule_response.py: Advantages: potentially faster since non-browser. Disadvantages: only tests one rule at a time, appears to currently be broken.

My test script in 'rules-tester' branch: https://github.com/jsha/https-everywhere/blob/rules-tester/rewriter/tester.js. Advantages: fairly fast. Disadvantages: Currently a number of false positives due to a bug in Node where it doesn't connect to multiple IP addresses for a host. Possibly other false positives.

@hiviah's ruleset checker in https://github.com/hiviah/https-everywhere-checker. Advantages: Seems fairly sophisticated, handles redirects and checks diffs between pages. Right now I'm testing this one out.

jsha commented 9 years ago

Fixed.

  • © Githubissues.
  • Githubissues is a development platform for aggregating issues.