Open Bug 1683382 Opened 4 years ago Updated 4 years ago

Kaspersky interferes with HTTPS-only mode override for bad certs

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

People

(Reporter: dveditz, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

Capture d%u2019écran (35).png
706.89 KB, image/png
Details

If you use Kaspersky in monitoring mode, it interferes with HTTPS-only mode's ability to allow overrides for sites that don't have an HTTPS version, but are on shared hosting that does have a mis-matched certificate. Instead of our HTTPS-only "Secure Site Not Available" interstitial that allows an override, Kaspersky tells the user about the bad cert and does not allow an override.

If users know about it they can use the lock-icon doorhanger to turn off HTTPS-only mode for that site, but our nice helpful UI is zapped. See customer screenshot.

Summary: Kaspersky interferes with HTTPS-only mode failures → Kaspersky interferes with HTTPS-only mode override for bad certs

Potentially we could reach out to Kaspersky, because I don't know of a fix in the browser. The workaround is to temporarily allow http connections I guess.

Blocks: https-only-mode
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: