Closed Bug 1486708 Opened 6 years ago Closed 6 years ago

Disabled SSL certificate: not given the ability to override

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1484006

People

(Reporter: jya, Unassigned)

Details

Attachments

(1 file)

Screen Shot 2018-08-28 at 10.18.02 am.png
319.87 KB, image/png
Details 
Going to the page: https://serviceclients.lesechos.fr/customer/account/login

now gives the message: 
Warning: Potential Security Risk Ahead

serviceclients.lesechos.fr uses an invalid security certificate. The security certificate for serviceclients.lesechos.fr is not trustworthy because the issuing organization failed to follow security practices. Certificates issued by Symantec, including the Thawte, GeoTrust, and RapidSSL brands, are not considered safe. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

Which is fine.

The only option from that point on however is "Go Back (Recommended)" there is no option to override the blocking of the SSL certificate.

Firefox shouldn't impose a behaviour once it's clearly explained the reasons/dangers in browsing a site.

There used to be an "override" button and the ability to remember a decision.
This is by design. The HSTS spec imposes the behavior, not Firefox. The HSTS spec is very clear about that User-Agent must not provide "click through" exceptions.

You can change "security.pki.distrust_ca_policy" to "1" in about:config to revert the behavior.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: