Disable "This Connection is Untrusted" dialog



Core Graveyard
Security: UI
6 years ago
a year ago


(Reporter: lesliewu2008, Unassigned)


10 Branch
Windows 7

Firefox Tracking Flags

(Not tracked)




6 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0) Gecko/20100101 Firefox/10.0
Build ID: 20120130064731

Steps to reproduce:

Navigating to a lot of websites will be blocked by firefox saying "This Connection is Untrusted" and adding exception for each one is a huge waste of time.

Actual results:

Firefox display "This Connection is Untrusted" page. I have to click "I Understand the Risks"--->"Add Exception...",then click "Confirm Security Exception" in "Add Exception" dialog.

Expected results:

Could you please provide a preference for auto dismiss this kind of security check so that every page can be accessed without adding exception in database file.

Comment 1

6 years ago
The certificate chain is an important part of making a connection to the server secure. This is why an option to disable the check isn't included.

That said there are a few extensions that can help you make self-signed cert sites a little bit more usable, perspective[1] is one example.

The reason that self-signed (with out an already added exception) is insecure, is that you have no guarantee that your actually talking to the server you think your talking to. Anyone could create a new self-signed cert and use it for the domain so MitM is not prevented.

[1] https://addons.mozilla.org/en-US/firefox/addon/perspectives/


6 years ago
Severity: normal → enhancement
Component: Untriaged → Security: UI
Product: Firefox → Core

Comment 2

6 years ago
I don't know how doable this is, but I don't think it's a good idea considering the risks.

Someone working on Security can definitely make a better case here, whether it's pro or con.
Ever confirmed: true
(In reply to lesliewu2008 from comment #0)
> Navigating to a lot of websites will be blocked by firefox saying "This
> Connection is Untrusted" and adding exception for each one is a huge waste
> of time.

Please provide some URLs that you're experiencing this with. If you are experiencing this especially frequently, it may be a symptom of malware on your computer.

Comment 4

4 years ago
Today I got into trouble too as I have set by accident the wrong date which resulted that this warning appeared on every https site. This gets especially annoying if somebody wants to look for a solution at https://support.mozilla.org as this warning appears there too but even without the option to whitelist this site ("I Understand the Risks" was missing). I think there should be at least an option in about:config to control this behavior more (including disabling it).
As noted in comment 4, we need specific URLs to check.

If you're getting this error on legitimate sites like https://support.mozilla.org, that's a definite sign that you have malware on your computer or your network connections are being attacked. We're not going to add a global override to ignore such things.
Last Resolved: 4 years ago
Resolution: --- → INVALID

Comment 6

4 years ago
As I said the date was wrong - this has nothing todo with an infection or an attack. But as this ticket is now closed I'm simply open a new one for this case.


a year ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.