User 13 Posted December 14, 2013 (edited)

I don't know if this is the case since Internet protection module 1094 is installed or even since 1092; with 1091 it was no problem. I guess it is caused by module 1094.

I noticed it first when Firefox 26 was available since 2 days ago, but when I checked "Help" "About Firefox" it said my version 25.01 was up to date. After I closed Firefox, disabled SSL scanning in ESS and reopened Firefox, the update to version 26 was downloaded.

The same happens with several Add-Ons that I have installed in Firefox. When I check for updates in Firefox manually with SSL scanning enabled it says that all Add-Ons are up to date, but there are clearly newer versions available. With deactivated SSL scanning the updated Add-Ons are found and installed.

So the bottom case is, if SSL scanning is enabled, you don't get any Firefox or Firefox Add-Ons found or installed, no matter if it is a manual search for updates or an automatic search by Firefox in the background.

Edited December 14, 2013 by User

Administrators Marcos 5,290 Posted December 14, 2013

Mozilla doesn't accept self-signed certificates and refuses to update in such a case. You must exclude Mozilla's certificate from scanning.

User 13 Posted December 14, 2013

And how exactly can I exclude Mozilla's certificate?

Administrators Marcos 5,290 Posted December 14, 2013

If you configure ESET to ask about non-visited websites and then attempt to update Firefox, you will be asked whether you want ESS to scan the secured communication utilizing the given certificate with an option to exclude it from scanning. Then you can switch back to "Always scan SSL" while checking the box "Apply created exceptions based on certificates".

User 13 Posted December 14, 2013 (edited)

"Apply created exceptions based on certificates".

When I activate that option, then there is a separate new problem with my used POP3S Mailserver, even if I add the certificate exception for the Mailserver:

Server: XXX
Windows Live Mail-Fehlernummer: 0x800CCC0F
Protokoll: POP3
Port: 995
Secure (SSL): Ja

I have no problems with the Mailserver when "Apply created exceptions based on certificates" is deactivated.

The other problem is that the sites

https://support.mozilla.org
https://mozilla.org

do not work even with added certificate exceptions and activated "Apply created exceptions based on certificates". The error message is:

Fehlercode: ssl_error_no_cypher_overlap

These sites work when "Apply created exceptions based on certificates" is deactivated.

I do not know if the Firefox updates and Addon-Updates work with added exceptions, as there is no error message displayed in Firefox and I have all new updates installed.

Edited January 6, 2014 by User

User 13 Posted January 7, 2014

Are there any plans to resolve this issue? I have disabled https scanning for a few weeks now. The option to activate "Apply created exceptions based on certificates" is no alternative as this causes many new separate problems (see posting above).

The best solution in my eyes would be if ESS could be programmed to circumvent Mozilla's refusal to accept self-signed certificates, so that updates for Firefox and Firefox Addons work with standard configuration.

Administrators Marcos 5,290 Posted January 7, 2014

I'll try to find out if we could somehow exclude the communication with Mozilla's servers from https scanning without the need for users to set up exclusions.

User 13 Posted March 10, 2014 (edited)

> "Apply created exceptions based on certificates". When I activate that option, then there is a separate new problem with my used POP3S Mailserver, even if I add the certificate exception for the Mailserver

Today I activated https scanning again with that method and the problem with the mailserver seems to be solved.

So now I have the following exceptions in ESS trusted certificates:

*.cdn.mozilla.net
aus3.mozilla.org
versioncheck.addons.mozilla.org
www.mozilla.org

Is this OK to get all Firefox and Addons updates automatically or do I have to alter anything?

Although some problems remain if "Apply created exceptions based on certificates" is activated:

If I use the Mozilla plugin check on the website https://www.mozilla.org/de/plugincheck/ then the following error message is shown in the browser:

(Fehlercode: ssl_error_no_cypher_overlap)

The same with the following sites:

https://support.mozilla.org
https://mozilla.org

Also https://www.changedetection.com/ shows the error message

(Fehlercode: ssl_error_handshake_unexpected_alert)

These errors only occur when "Apply created exceptions based on certificates" is activated.

Edited March 10, 2014 by User

User 13 Posted June 6, 2014

> Although some problems remain if "Apply created exceptions based on certificates" is activated:
>
> If I use the Mozilla plugin check on the website https://www.mozilla.org/de/plugincheck/ then the following error message is shown in the browser:
>
> (Fehlercode: ssl_error_no_cypher_overlap)
>
> The same with the following sites:
>
> https://support.mozilla.org
> https://mozilla.org
>
> Also https://www.changedetection.com/ shows the error message
>
> (Fehlercode: ssl_error_handshake_unexpected_alert)
>
> These errors only occur when "Apply created exceptions based on certificates" is activated.

I just tried again and these errors are still not fixed. Is this problem being investigated?

Administrators Marcos 5,290 Posted June 6, 2014

> I just tried again and these errors are still not fixed. Is this problem being investigated?

We haven't released an Internet protection module with the SSL scanning functionality refactored. It's currently available as an internal beta.

User 13 Posted July 5, 2014

Were there any changes concerning SSL scanning in the module released yesterday "1137 (20140704)"?

Administrators Marcos 5,290 Posted July 5, 2014

> Were there any changes concerning SSL scanning in the module released yesterday "1137 (20140704)"?

Yes. This module is currently available on pre-release servers only.

User 13 Posted July 5, 2014

> If I use the Mozilla plugin check on the website https://www.mozilla.org/de/plugincheck/ then the following error message is shown in the browser:
>
> (Fehlercode: ssl_error_no_cypher_overlap)
>
> The same with the following sites:
>
> https://support.mozilla.org
> https://mozilla.org
>
> Also https://www.changedetection.com/ shows the error message
>
> (Fehlercode: ssl_error_handshake_unexpected_alert)
>
> These errors only occur when "Apply created exceptions based on certificates" is activated.

OK, I just tested the new module and can confirm that the above problems no longer occur with the new module.

Concerning Mozilla: Is it still necessary to add trusted certificates for Mozilla?

Administrators Marcos 5,290 Posted July 6, 2014

> Concerning Mozilla: Is it still necessary to add trusted certificates for Mozilla?

Haven't tried but I doubt that Mozilla has changed their policy in the meantime and would accept self-signed root certificates now.

User 13 Posted July 23, 2014 (edited)

> So now I have the following exceptions in ESS trusted certificates:
>
> *.cdn.mozilla.net
> aus3.mozilla.org
> versioncheck.addons.mozilla.org
> www.mozilla.org

I just found out the following: With activated SSL web scanning and the above exceptions the normal Firefox updates work, but the Firefox addons updates don't work although "versioncheck.addons.mozilla.org" is added to trusted certificates. Also in interactive mode when "versioncheck.addons.mozilla.org" pops up and I confirm it, the addons are not updated. Only when I deactivate SSL web scanning, the Firefox addons are updated. Why is this?

Edited July 23, 2014 by User

Administrators Marcos 5,290 Posted July 23, 2014

> I just found out the following: With activated SSL web scanning and the above exceptions the normal Firefox updates work, but the Firefox addons updates don't work although "versioncheck.addons.mozilla.org" is added to trusted certificates. Also in interactive mode when "versioncheck.addons.mozilla.org" pops up and I confirm it, the addons are not updated. Only when I deactivate SSL web scanning, the Firefox addons are updated. Why is this?

I was unable to reproduce this. Have the following certificates excluded:

*.cdn.mozilla.net
aus3.mozilla.org
versioncheck.addons.mozilla.org
www.mozilla.org
addons.mozilla.org

User 13 Posted July 23, 2014 (edited)

How can I add addons.mozilla.org to trusted certificates? In interactive mode I get only a popup with "versioncheck.addons.mozilla.org".

Edited July 23, 2014 by User

Administrators Marcos 5,290 Posted July 23, 2014

Ok, that certificate is not relevant for updating add-ons. I've tried to reproduce it again and now I have the following certificates excluded. Firefox itself as well as add-ons update fine:

*.google.com
*.google.com
*.cdn.mozilla.net
aus3.mozilla.org
versioncheck.addons.mozilla.org
snippets.mozilla.com
www.mozilla.org

I have Internet protection module 1138 installed.

User 13 Posted May 28, 2015 (edited)

Updates of firefox add-ons don't work at the moment with Internet protection module 1198 and the following certificates excluded:

ping.mozversioncheck.com
*.google.com
aus4.mozilla.org
versioncheck.addons.mozilla.org
*.cdn.mozilla.net
www.mozilla.org

Only after disabling of SSL protocol scanning the Mozilla add-ons are updated.

Edited May 28, 2015 by User

User 13 Posted September 12, 2015

> Updates of firefox add-ons don't work at the moment with Internet protection module 1198 and the following certificates excluded:
>
> ping.mozversioncheck.com
> *.google.com
> aus4.mozilla.org
> versioncheck.addons.mozilla.org
> *.cdn.mozilla.net
> www.mozilla.org
>
> Only after disabling of SSL protocol scanning the Mozilla add-ons are updated.

There is still no solution to this problem with the newest modules. No firefox addon updates are working with SSL scanning activated. Will there be a solution in version 9?

itman 1,755 Posted September 12, 2015

Well, this explains why I haven't been receiving any Thunderbird updates since I installed Eset.

Below is what I excluded when accessing update functions within Thunderbird. Only one I didn't exclude was for Google analytics since I assumed that was for tracking by Google. Is this enough to now start getting update notifications from Mozilla?

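The following is an added example, not code from any poster in this thread or from ESET or Mozilla: a way to check which of the update hosts named above still receive a certificate re-signed by the local SSL-scanning root after exclusions have been set. The issuer marker, the helper names and the sample observations are assumptions constructed for illustration.

```python
import socket
import ssl

# Assumption: a substring of the issuer name of the locally installed
# inspection root. Constructed placeholder, not a real product's CA name.
INSPECTION_ISSUER = "Example Inspection Root"


def fetch_peer_cert(host, port=443, timeout=5):
    """Live mode: the leaf certificate this machine actually receives."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def issuer_names(cert):
    """Flatten the issuer RDN tuples of a getpeercert() dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def is_inspected(cert, marker=INSPECTION_ISSUER):
    """True when the leaf was issued by the local inspection root."""
    return any(marker.lower() in value.lower()
               for value in issuer_names(cert).values())


def still_inspected(observed, marker=INSPECTION_ISSUER):
    """Hosts whose certificate was re-signed locally, i.e. not excluded."""
    return sorted(host for host, cert in observed.items()
                  if is_inspected(cert, marker))


def _cert(subject_cn, issuer_cn):
    # Same shape as ssl.SSLSocket.getpeercert() output.
    return {"subject": ((("commonName", subject_cn),),),
            "issuer": ((("commonName", issuer_cn),),)}


# Constructed observations (not captured from the thread's machines).
SAMPLE = {
    "aus4.mozilla.org": _cert("aus4.mozilla.org", "Constructed Public CA"),
    "versioncheck.addons.mozilla.org": _cert(
        "versioncheck.addons.mozilla.org", "Constructed Public CA"),
    "addons.mozilla.org": _cert(
        "addons.mozilla.org", "Example Inspection Root CA"),
}

if __name__ == "__main__":
    for name in still_inspected(SAMPLE):
        print(f"{name}: still re-signed by the local inspection root")
```

In live mode, build the dictionary with `fetch_peer_cert(host)` for each host instead of using `SAMPLE`; a certificate verification error raised there means the presented chain does not lead to a root this client trusts.
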