Opened 3 years ago

Last modified 3 years ago

#22855 new defect

SSL Auth broken in Tor Browser 7

Reported by: bugster Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-7.0-issues, tbb-regression
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


After 7.0 update, authentication by imported SSL certificate has been broken.
Tested OS: Windows 10, Ubuntu (With version 6.* it's works fine)

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by gk

Status: newneeds_information

Interesting. Could you give us a bit more detailed steps to reproduce your problem? Is that happening with an unmodified Tor Browser in its default settings?

comment:2 Changed 3 years ago by bugster

Unmodified tor browser (both versions, 6.* and 7.*), but 'security.nocertdb' option changed to 'true' for enable custom certificate importing and saving (in both versions too). example of client-side certificate authentication settings.

Until 7.0 version it worked fine.
Reinstalling the browser also does not solve this problem.

Sorry for my English


comment:3 Changed 3 years ago by gk

If you open the error console (Ctrl + Shift + J) do you get errors when you want to use the certificate? If so which?

comment:4 Changed 3 years ago by bugster

Yes, only this:

'mytorwebsite.onion:443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is not valid for the name mytorwebsite.onion.
The certificate expired on 05/18/2017 08:15 PM. The current time is 07/10/2017 05:10 PM.

Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>


But in browser window i see:

Secure Connection Failed

An error occurred during a connection to mytorwebsite.onion. security library failure. Error code: SEC_ERROR_LIBRARY_FAILURE

  The  page you are trying to view cannot be shown because the authenticity of  the received data could not be verified.Please contact the website  owners to inform them of this problem. 

It's my test website and self-signed certificate. 6.* still works fine.

comment:5 Changed 3 years ago by gk

Keywords: tbb-7.0-issues tbb-regression added
Priority: HighMedium
Severity: MajorNormal
Status: needs_informationnew
Summary: SSL Auth brokenSSL Auth broken in Tor Browser 7
Note: See TracTickets for help on using tickets.