Opened 21 months ago

Last modified 21 months ago

#22855 new defect

SSL Auth broken in Tor Browser 7

Reported by: bugster Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-7.0-issues, tbb-regression
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After 7.0 update, authentication by imported SSL certificate has been broken.
Tested OS: Windows 10, Ubuntu (With version 6.* it's works fine)
Error message: SEC_ERROR_LIBRARY_FAILURE

Child Tickets

Change History (6)

comment:1 Changed 21 months ago by gk

Status: newneeds_information

Interesting. Could you give us a bit more detailed steps to reproduce your problem? Is that happening with an unmodified Tor Browser in its default settings?

comment:2 Changed 21 months ago by bugster

Unmodified tor browser (both versions, 6.* and 7.*), but 'security.nocertdb' option changed to 'true' for enable custom certificate importing and saving (in both versions too).

https://arcweb.co/securing-websites-nginx-and-client-side-certificate-authentication-linux/ example of client-side certificate authentication settings.

Until 7.0 version it worked fine.
Reinstalling the browser also does not solve this problem.

Sorry for my English

Thanks.

comment:3 Changed 21 months ago by gk

If you open the error console (Ctrl + Shift + J) do you get errors when you want to use the certificate? If so which?

comment:4 Changed 21 months ago by bugster

Yes, only this:

'mytorwebsite.onion:443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is not valid for the name mytorwebsite.onion.
The certificate expired on 05/18/2017 08:15 PM. The current time is 07/10/2017 05:10 PM.

Error code: <a id="errorCode" title="SEC_ERROR_UNKNOWN_ISSUER">SEC_ERROR_UNKNOWN_ISSUER</a>

  (unknown)'

But in browser window i see:

Secure Connection Failed

An error occurred during a connection to mytorwebsite.onion. security library failure. Error code: SEC_ERROR_LIBRARY_FAILURE

  The  page you are trying to view cannot be shown because the authenticity of  the received data could not be verified.Please contact the website  owners to inform them of this problem. 

It's my test website and self-signed certificate. 6.* still works fine.

comment:5 Changed 21 months ago by gk

Keywords: tbb-7.0-issues tbb-regression added
Priority: HighMedium
Severity: MajorNormal
Status: needs_informationnew
Summary: SSL Auth brokenSSL Auth broken in Tor Browser 7
Note: See TracTickets for help on using tickets.