itman 1,800 Posted January 23, 2017 Posted January 23, 2017 I am logging off for the night. You should repeat the QUALS test in FireFox and see if it can now run successfully.
ronnie 0 Posted January 23, 2017 Author Posted January 23, 2017 (edited) So far so good. From Firefox.Still shows Quals test Problems. https://www.ssllabs.com/ssltest/viewMyClient.html In safe mode just now and everything works fine on there so not sure why all the browsers work ok on there and not in normal mode. Edited January 23, 2017 by ronnie
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 Checking the "Other User Agents" stats on the QUALS SSL Client test, I see no references for FireFox or Chrome for Win 10. The omission of same leads me to believe that the test is not supported for those browsers running under Win 10. I wasn't aware of that till now. Sorry for the inconvenience caused. The use of Chrome and Eset's SSL protocol scanning has been problematic in the past. Also issues seem to "crop up" with every new Chrome release. So I will pass on comments related to Chrome issues. Why IE11 is having a problem with SSL protocol scanning on your PC is a mystery. If there is any browser that is compatible with all Eset features, it is IE. Check this: 1. In Eset, go to Setup. 2. Select Internet Protection. 3. Click on the gear wheel symbol for Web Access Protection. 4. On the left hand side of the page, click on Web and Email. 5. Click on SSL/TLS 6. For List of SSL/TLS filtered applications, click on Edit. All your browsers should be listed there with their Scan Action set to Automatic as shown in the below screen shot. If IE and/or Chrome are not listed, you will have to add them manually. Then set Scan Action to Automatic for each. Have you checked Edge to see if SSL protocol scanning works with it?
ronnie 0 Posted January 23, 2017 Author Posted January 23, 2017 They are all on there and set to auto. I don't have Chrome so that is not on it. Edge does not work either. I did notice on your screenshot that explorer.exe was on your screenshot. Would it be ok to add that. I also noticed that Firefox has only the one listing for the (x86) version on it.
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 12 minutes ago, ronnie said: I did notice on your screenshot that explorer.exe was on your screenshot. Would it be ok to add that. No need to. I just added it for a bit extra protection. 13 minutes ago, ronnie said: I also noticed that Firefox has only the one listing for the (x86) version on it. If you run the x64 ver. of FireFox, this would explain why you can connect to all HTTPS web sites w/o issue. SSL protocol scanning is not in effect.
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 One other thing to check. Verify the Windows firewall service is running and is set to Automatic as shown by the below screen shot. If it is not running, start the service. If it is not set to Automatic, set to same. If you don't know how to do this, follow these steps: 1. Enter "admin" in the "Search Windows" box in the bottom toolbar of the desktop. Click on Administrative Tools. 2. Double click on Services. Click on "Yes" when the UAC prompt is displayed.
Administrators Marcos 5,444 Posted January 23, 2017 Administrators Posted January 23, 2017 Try the following: 1, Disable SSL/TLS filtering. 2, Restart the computer. 3, Launch Firefox. 4, Check Firefox' Trusted root CA certificate store and make sure there is no ESET root certificate installed. 5, Close Firefox (make sure it's not among running processes). 6, Re-enable SSL/TLS filtering. If you go to https://www.youtube.com for instance, does it open fine or you get SSL_ERROR_BAD_MAC_ALERT error?
ronnie 0 Posted January 23, 2017 Author Posted January 23, 2017 (edited) Windows Firewall is set to automatic and running. Running sfc /scannow at the moment and will try the root certificate after that finishes. No sign of eset on root certificate. You tube will not open properly and get the SSL-Error_BAD_MAC__ALERT back again. I hope you have a cunning plan. Edited January 23, 2017 by ronnie
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 (edited) First, recheck Eset root certificate not in FireFox Authorities certificate store. If not there, looks like you're going to have to manually import it. You do that by: Go to ESET Settings -> Internet Protection -> Web Access Protection -> Web and Email -> SSL/TLS -> Root Certificate -> View certificate -> click on Details (tab) -> click on Copy to File... -> select DER encoded binary X.509 (.CER) -> Save the file somewhere on the computer; preferably the desktop. Next open FireFox and repeat Marcos's step 3. and 4. instructions. Ensure that the "Authorities" tab was selected. Somewhere on that screen should be an "Import" button. Click on that and follow the instructions to import the Eset root certificate that was previously saved to the desktop. After Import is completed, close FireFox. Then re-open it and verify Eset certificate is present. Finally, check utube web site to see if it can be accessed. Edited January 23, 2017 by itman
Administrators Marcos 5,444 Posted January 23, 2017 Administrators Posted January 23, 2017 2 hours ago, ronnie said: No sign of eset on root certificate. You tube will not open properly and get the SSL-Error_BAD_MAC__ALERT back again. Ok, so I take it that there's no ESET root certificate on the Authorities tab with SSL/TLS filtering disabled but when you re-enable it the root certificate is added automatically. Is that correct?
ronnie 0 Posted January 23, 2017 Author Posted January 23, 2017 Sorry for the delay. Yes Eset is back on the root certificate on Firefox but I have had to post this with SSL switched off as I keep getting SSL_ERROR_BAD_MAC_ALERT.
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 4 minutes ago, ronnie said: Sorry for the delay. Yes Eset is back on the root certificate on Firefox but I have had to post this with SSL switched off as I keep getting SSL_ERROR_BAD_MAC_ALERT. Re-verify that the version of Firefox you are using is listed is Eset's SSL/TLS filtered applications and the file name path for the.exe specified is correct. Also, that "Automatic" is selected.
ronnie 0 Posted January 23, 2017 Author Posted January 23, 2017 (edited) Ok think I found the problem. In Firefox 50.1.0 Advanced found that When a Server requests my personal certificate ask me every time was dotted. Changed that to Select one automatically and Firefox is working again with SSL switched on. it says on root certificate. Eset, spol. s r. o. Eset SSL Filter CA Youtube works. So looks like Firefox is back to its working condition. Tried youtube on Internet Explorer and Edge. They partly open with blue coloured columns down the left hand side. Still not usable though. Edited January 23, 2017 by ronnie
itman 1,800 Posted January 23, 2017 Posted January 23, 2017 As far as IE goes, it uses the Windows root CA certificate store. Verify that Eset certificate is stored there as follows: 1. Enter cert in the Search Windows box. 2. Click on Manage User Certificates. Click on Yes to the UAC prompt. 3. Click on Trusted Root Certificate Authority Certificates. Then click on Certificates. 4. Scroll down to verify the Eset root certificate is installed as shown in the below screen shot.
itman 1,800 Posted January 24, 2017 Posted January 24, 2017 Do the following after opening IE: Select Tools -> Internet Options -> Click on Content tab -> Certificates -> Trusted Root Certificate Authorities. Verify that Eset certificate is present. If Eset certificate is present, return back to the Content screen in Internet Options and click on Clear SSL Cache. When that completes, close IE. Reopen IE and now try to access the utube web site.
ronnie 0 Posted January 24, 2017 Author Posted January 24, 2017 Sorry about the delay but when i reboot on this it stays on a black screen so took me a while to get out of it. Apart from that Eset was where you said it would be. Then removed the SSL cache. Then ran youtube.but only part of it opens. just the odd columns on the left with blue printing.
itman 1,800 Posted January 24, 2017 Posted January 24, 2017 (edited) 14 minutes ago, ronnie said: Sorry about the delay but when i reboot on this it stays on a black screen so took me a while to get out of it. Apart from that Eset was where you said it would be. Then removed the SSL cache. Then ran youtube.but only part of it opens. just the odd columns on the left with blue printing. Just realized the utube link Marcos posted is not a good test for SSL protocol scanning since Eset has whitelisted the cert. it uses. Try this site: https://www.malwarebytes.com/ . I verified that it is using Eset's cert. indicating that SSL protocol scanning is in effect. Edited January 24, 2017 by itman
ronnie 0 Posted January 24, 2017 Author Posted January 24, 2017 (edited) No it still does not work. This page can’t be displayed Make sure that the web address https://www.malwarebytes.com is correct. Look for the page with your search engine. Refresh the page in a few minutes. hxxp://www.speedtest.net/ Works on it some will most don't. Edited January 24, 2017 by ronnie
itman 1,800 Posted January 24, 2017 Posted January 24, 2017 2 hours ago, ronnie said: No it still does not work. This page can’t be displayed Make sure that the web address https://www.malwarebytes.com is correct. Look for the page with your search engine. Refresh the page in a few minutes. hxxp://www.speedtest.net/ Works on it some will most don't. At this point, all I can conclude is something is wrong with the Eset root CA cert. in the Windows root CA store. Do you still have the Eset root CA cert. you previously created on your desktop?
ronnie 0 Posted January 24, 2017 Author Posted January 24, 2017 Probably not itman I usually get rid of things not needed. All I have on my computer is Eset_logs file or download. Can you remind me what i am looking for.
itman 1,800 Posted January 24, 2017 Posted January 24, 2017 (edited) In a prior posting, I described how to export the Eset root cert., save it, and import it into FireFox. I am referring to that saved certificate. Edited January 24, 2017 by itman
ronnie 0 Posted January 24, 2017 Author Posted January 24, 2017 Did as you said and everything went well. malwarebytes opened ok. I presume that I have to turn SSL on again. The problem is that I was not having problems with Firefox just I/E and Edge. Is there a way to do that with I/E.
itman 1,800 Posted January 25, 2017 Posted January 25, 2017 1 hour ago, ronnie said: Did as you said and everything went well. malwarebytes opened ok. I presume that I have to turn SSL on again. The problem is that I was not having problems with Firefox just I/E and Edge. Is there a way to do that with I/E. Hum ........ Looks like you misunderstood me. I only wanted you to check if you had saved the Eset cert. somewhere; not do the whole FireFox cert. import thing again? Before we continue, turn on SSL protocol scanning and see if you can connect to Malwarebytes site in FireFox.
ronnie 0 Posted January 25, 2017 Author Posted January 25, 2017 Yes sorry itman woke up at 4am this morning and thought. If it works on Firefox Browser and I do not need to enable SSL again everything should work. So opened I/E and just typed Malwarebytes into address bar and everything worked.. So in theory would everything be Ok if SSL is left disabled as it is still in Firefox Browser. Or should SSL be enabled again in Eset.
Recommended Posts