mullvad / mullvad-browser

Privacy-focused browser for Linux, macOS and Windows. Made in collaboration between @torproject and @mullvad
https://mullvad.net/browser
1.32k stars 25 forks source link

SSL cert error, has no option for "Proceed anyway" #145

Open AutonomousCat opened 1 year ago

AutonomousCat commented 1 year ago

How to reproduce: Visit progressive.com with HTTPS Everywhere Only mode on

image

AutonomousCat commented 1 year ago

Adding that I know it's only related to Mullvad Browser because I use LibreWolf (also with HTTPS Everywhere mode on) when something isn't working right in Mullvad Browser.

Thorin-Oakenpants commented 1 year ago

on windows I can accept (also same result in MB13 alpha)

mb12 5-windows

Thorin-Oakenpants commented 1 year ago

TB, FWIW (I guess they're blocking tor), but that's no to say the same underlying cert issue isn't present in both

TB

PieroV commented 1 year ago

@AutonomousCat the mode is HTTPS Only. Do you have some version of HTTPS Everywhere installed, perhaps?

We have at least two problems here:

  1. Server side: their webserver is configured to use something not supported by older versions of Firefox
  2. Client side: you're seeing this host as HSTS. When this happens, the proceed anyway is hidden.

Regarding 1, please check also this screenshot:

Screenshot from 2023-09-20 16-39-02

Mullvad Browser is missing the CA. The same happens with Firefox 115.2.1 ESR.

But for number 2, I don't have a clue. I wonder if they removed the HSTS header after people telling them they had problems.

ruihildt commented 1 year ago

@AutonomousCat Can you confirm you're talking about HTTPS-Only and not HTTPS Everywhere?

I just checked with Mullvad Browser 12.5.6 and 13.0a6, and I could proceed in both cases.

AutonomousCat commented 1 year ago

@ruihildt Sorry for the late reply, I just re-remembered this issue when I went to Progressive's site today. Couldn't and had to open LibreWolf. It's indeed HTTPS Only. I'm not using another HTTPS extension

ruihildt commented 7 months ago

@AutonomousCat Just revisited this issue, and it seems to be working now.

Can you confirm on your end?