HTTPS Everywhere 4.0development.11 causes google.com OCSP meltdown
|Reported by:||erinn||Owned by:||micahlee|
|Keywords:||Cc:||mikeperry, arma, eroseman@…, agl@…, MB, schoen, dtauerbach|
|Actual Points:||Parent ID:|
On our blog we have several users complaining that they are sending non-stop connection requests to clients1.google.com and they say that downgrading their version of HTTPS Everywhere alleviates the problem.
The same problem: at times, perhaps after some inactivity delay, there appear some non-stop connection requests to clients1.google.com:443.
Why??? I have no business connecting to Google.
Look for yourself - monitor the circuits/connections in the Vidalia's Network Map... If the requests are seen, they stop only after Tor Browser is closed.
(This one is interesting because the user implies there are no deliberate connections to Google being made.)
with the dev version of https everywhere in the latest tor build I get (like the poster above) constant connections to clients1.google.com, after downgrading https everywhere to the stable version these connections don't show up.
One user says that he or she can reliably reproduce it by visiting gmail. Just the front page is enough to trigger it, but logging in is even worse.
Another user says:
the earlier reported non-stop outgoing https connections to clients1.google.com seemed to happen with the latest TBB x64 on Linux, but only _after the browser Add-ons were updated manually_ - that loaded the latest dev version of Https-Everywhere.
After I manually replaced it with the previous "4.0development.9" version that was on hand, the weird connections are no more.
For my part, I have been unable to reproduce this bug on Linux, even when logging into (and interacting with) gmail. I haven't tried manually updating any of the extensions yet.
Change History (13)
comment:5 Changed 6 months ago by pde
- Cc mikeperry arma added
- Owner changed from pde to micahlee
- Status changed from new to assigned
comment:9 Changed 6 months ago by pde
- Summary changed from Users report HTTPS Everywhere 0.development.11 in some sort of clients1.google.com loop? to HTTPS Everywhere 4.0development.11 causes google.com OCSP meltdown