SSL protocol checking breaks updates of FF Minefield 3.7

[vtol]

running update of FF Minefield with SSL checking on (4.2.40.0 on WIN 7 64bit) returns the following error



for MediaCenter the error reads:

Failed to retrieve EpgListings (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


no problems when SSL checking is off, hence please sort this bug out.

[vtol]

this has not been fixed until date, SSL protocol checking breaking:

FF Minefield updates
WIN 7 64 bit MediaCentre Updates

[Marcos]

You can accomplish SSL scanning in FF Minefield by exporting the ESET root certificate (e.g. via IE) and importing it to FF manually.

[vtol]

Quote:

Originally Posted by Marcos

You can accomplish SSL scanning in FF Minefield by exporting the ESET root certificate (e.g. via IE) and importing it to FF manually.

tried it, but it does not solve the matter.

there are two types of certificates to be exported from IE8 32bit, *.cert and *.p7b. latter cannot be imported into FF Minefield. hence leaves the *.cert.
the only FF store accepting is servers



having the certificate there gets me still the error when updating as shown in the initial post.

also leaves MediaCentre Updates, which for now excluded from SSL scanning, yet again just being a workaround but no fix

[Marcos]

Please follow the instructions mentioned in this KB article. If you have already added Mozilla's certificate to the Trusted certificates list, remove it. The next time you'll attempt to update FF, a pop-up window asking you whether to trust the certificate will appear, choose Exclude and FF will update fine.

[vtol]

Quote:

Originally Posted by Marcos

Please follow the instructions mentioned in this KB article. If you have already added Mozilla's certificate to the Trusted certificates list, remove it. The next time you'll attempt to update FF, a pop-up window asking you whether to trust the certificate will appear, choose Exclude and FF will update fine.

thanks. wondering what is wrong with the *.mozilla.org certificate that it has to be excluded (which is just another workaround) by NOD? it will just not only impact the update but any website using the *.mozilla.org certificate

and what is wrong with the MediaCenterUpdate?

[Marcos]

That's so because there's no way to make the root certificate a built-in certificate and thus FF doesn't trust it.

As for MediaCenter, I'm not familiar with it. Could you provide me with a link where I could download it from so that I can test it?

[vtol]

Quote:

Originally Posted by Marcos

That's so because there's no way to make the root certificate a built-in certificate and thus FF doesn't trust it.

strange, because according to the KB you referred to NOD is excluding the *.mozilla.org certificate and not FF excluding the Eset certifcate?

Quote:

Originally Posted by Marcos

As for MediaCenter, I'm not familiar with it. Could you provide me with a link where I could download it from so that I can test it?

it is actually build-in WIN 7, I reckon all flavours.



its updater is



and the error log is mentioned in the initial post

[vtol]

before it gets forgotten

[vtol]

not fixed yet

[vtol]

on the MC update the error reads:

Quote:

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

seems the list keeps on growing, next application failing update with SSL protocol checking enabled is FileZilla, error log:

Quote:

Status:Status: Resolving address of update.filezilla-project.org
Status: Connecting to 213.239.222.5:443...
Status: Connection established, initializing TLS...
Error: Root certificate is not trusted
Error: Disconnected from server: ECONNABORTED - Connection aborted

and the workaround, mozilla certificate excluded) for FF does not work around any more with the latest FF 3.7 64bit version.

when all of this getting fixed?

[Marcos]

Mozilla products will not work with SSL enabled unless an exception is set. As it's been said, it's because 3rd party cannot be set as built-in which are the only ones Mozilla trusts.

[vtol]

Quote:

Originally Posted by Marcos

Mozilla products will not work with SSL enabled unless an exception is set. As it's been said, it's because 3rd party cannot be set as built-in which are the only ones Mozilla trusts.

that exception/workaround you pointed too does not work any more with the latest 64bit version of FF Minefield. if is stays that way FF 4 update will not be working with NOD32 SSL protocol checking enabled.

why would be a problem for Eset to get in touch with Mozilla and simply fix it?

having said that there are more incompatibilities mentioned.

[Marcos]

Quote:

Originally Posted by vtol

why would be a problem for Eset to get in touch with Mozilla and simply fix it?

Not possible as a new root certificate is generated dynamically when SSL scanning is enabled. The only possible option would be accepting other than built-in certificates by Mozilla which is against their strict policy.

[vtol]

MC update / FileZilla update not fixed with 4.2.58.3