AndreyT 0 Posted December 13, 2019 Share Posted December 13, 2019 (edited) All Chromium-based browsers for Windows 10, as well as Internet Explorer are prevented from accessing 'adorama.com' web site. Chrome, Opera and Edge report ERR_HTTP2_PROTOCOL_ERROR. Meanwhile Firefox is not affected - everything works fine in Firefox. Enabling VPN in Opera also seems to solve the issue for Opera. Pausing protection in ESET NOT32 fixes the problems for all browsers: access to 'adorama.com' is restored. Re-enabling ESET NOT32 blocks access to 'adorama.com' again. I can't test Windows 7 now, so the above applies to Windows 10 Pro x64 (1909), ESET NOD32 13.0.22.0. Edited December 13, 2019 by AndreyT Link to comment Share on other sites More sharing options...
AndreyT 0 Posted December 13, 2019 Author Share Posted December 13, 2019 Just asked NOD32 to check for updates, and it updated itself to 13.0.24.0. However, it does not solve the above problem. Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 13, 2019 Share Posted December 13, 2019 This thread might shed some light on what is going on: https://stackoverflow.com/questions/58215104/whats-the-neterr-http2-protocol-error-about . Appears this will occur if there is an issue with JavaScript in one or more web pages that site is using. Also appears Chrome is most susceptible to this activity. My best guess at this point is since Eset performs independent web site cert. validations due to its SSL/TLS protocol scanning, it is picking up something amiss and throwing the error. Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 13, 2019 Share Posted December 13, 2019 Also this web site only supports TLS 1.1. Chrome has deprecated any web site using less than TLS 1.2. Additionally staring with Chrome ver. 81: Quote Starting with Google Chrome 81, Chrome will prevent connections to sites that use TLS 1.0 or TLS 1.1. The browser displays a warning page instead that reads "Your connection is not fully secure. This site uses an outdated security configuration, which may expose your information". https://www.ghacks.net/2019/10/02/tls-1-0-and-1-1-deprecation-chrome-to-display-your-connection-is-not-fully-secure-warnings/ Link to comment Share on other sites More sharing options...
AndreyT 0 Posted December 13, 2019 Author Share Posted December 13, 2019 (edited) 42 minutes ago, itman said: Also this web site only supports TLS 1.1. Online SSLTest on SSLLabs shows that 'adorama.com' supports TLS 1.2. Enabling TLS warnings in Chrome's internal settings (per your ghacks.net link) produces no warnings for 'adorama.com'. P.S. Now Firefox also can't access 'adorama.com' when NOD32 protection is enabled. Edited December 13, 2019 by AndreyT Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 13, 2019 Share Posted December 13, 2019 (edited) 1 hour ago, AndreyT said: Online SSLTest on SSLLabs shows that 'adorama.com' supports TLS 1.2. Not according to Qualys SSL Server test: https://www.ssllabs.com/ssltest/analyze.html?d=adorama.com -EDIT- The site supports both TLS 1.1 and 1.2. Edited December 13, 2019 by itman Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 14, 2019 Share Posted December 14, 2019 I forgot that Eset has issues with HTTP/2 although the problem usually surfaced in Banking & Payment Protection use. Link to comment Share on other sites More sharing options...
AndreyT 0 Posted December 14, 2019 Author Share Posted December 14, 2019 38 minutes ago, itman said: -EDIT- The site supports both TLS 1.1 and 1.2. Exactly. Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 14, 2019 Share Posted December 14, 2019 I added adorama.com IP address, 8.14.113.35, to Eset's protocol scanning exclusions. It is still failing to connect to the web site because of secure connection issues. So something else is going on here. Most likely, the HTTP/2 issue with Eset. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted December 14, 2019 Administrators Share Posted December 14, 2019 A ticket for developers has been created. We'll keep you posted. Link to comment Share on other sites More sharing options...
Atomicmutant 0 Posted December 18, 2019 Share Posted December 18, 2019 Very interested in a fix for this as well. I have to go in and turn off ESET in order to browse camera gear! Link to comment Share on other sites More sharing options...
Digitaris 0 Posted December 24, 2019 Share Posted December 24, 2019 FYI - On Windows browsers, I am able to access and browse Adorama's site by adding *.adorama.com* to the List of addresses excluded from content scan list. https://support.eset.com/en/exclude-a-safe-website-from-being-blocked-by-web-access-protection This is certainly not the preferred solution, but it serves as a work around for now. Link to comment Share on other sites More sharing options...
McBuff 0 Posted December 27, 2019 Share Posted December 27, 2019 Here's what the Adorama rep emailed me. Adorama says: "Our IT team is still currently working on this with ESET. In the meantime, ESET technical support shared that adding the website wildcard .adorama.com/* in the exclude SSL section should make the website accessible again. " I have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. Link to comment Share on other sites More sharing options...
itman 1,538 Posted December 27, 2019 Share Posted December 27, 2019 4 hours ago, McBuff said: have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. Click on the Eset link posted in the reply previous to yours. Link to comment Share on other sites More sharing options...
McBuff 0 Posted December 29, 2019 Share Posted December 29, 2019 Thanks itman. . .right in front of my face!! That fixed it. . .except the wildcard Adorama gave me .adorama.com/* didn't work. The Eset instructions said the proper rendering should be *adorama.com* That one worked! Link to comment Share on other sites More sharing options...
Recommended Posts