Open Bug 1689133 Opened 5 years ago Updated 3 years ago

Can't disable HTTPS Only Mode from the TLS security warning page

Categories

(Core :: DOM: Security, defect, P3)

Firefox 85

UNCONFIRMED

People

(Reporter: max.nordlund, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0

Steps to reproduce:

Enable HTTPS Only Mode everywhere
Visit https://tasvideos.org/5860S.html
This shows a security warning, SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED

Actual results:

There's no way to disable HTTPS Only Mode from that page. I know it's bad practice to bypass warnings, but the alternative is to disable HTTPS Only Mode which is arguably worse.

Expected results:

Like the normal HTTPS Only Mode error/warning page, there should be a button to disable HTTPS Only Mode for this particular site.

See Also: → 1689132

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → DOM: Security
Product: Firefox → Core
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]

The warning I get is also bypassable, just in a different way. A weak encryption is still better than turning off SSL completely, I would think.
