Mastahh 0 Posted May 23, 2020 Share Posted May 23, 2020 Hello, I have problem that some websites doesn't work when Https Scanner option enabled in antivirus. NOD32 version: 13.1.21 All installed browsers are effected by this issue. SSL_ERROR_DECODE_ERROR_ALERT SEC_ERROR_BAD_SIGNATURE https://accounts.google.com/o/oauth2/v2/auth?access_type=offline https://www.rahvastikuregister.ee/ I have problem with this two sites, but i think there are more this sites. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,703 Posted May 24, 2020 Administrators Share Posted May 24, 2020 Have you tried the following? - disable SSL filtering while browsers are not running and save settings - re-enable SSL filtering - launch a browser and see if the issue is gone. Is the eicar test file detected upon download from https://secure.eicar.org/eicar_com.zip? Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 24, 2020 Share Posted May 24, 2020 16 hours ago, Mastahh said: https://www.rahvastikuregister.ee/ This site doesn't render in FireFox. Appears to connect to the site OK but the web page is blank. Might be a problem with the web site. Link to comment Share on other sites More sharing options...
ram1220 3 Posted May 24, 2020 Share Posted May 24, 2020 I just tried that site using Firefox 76.0.1 and Eset NOD 32 Anitvirus and it loads just fine for me. Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 24, 2020 Share Posted May 24, 2020 (edited) 3 hours ago, ram1220 said: I just tried that site using Firefox 76.0.1 and Eset NOD 32 Anitvirus and it loads just fine for me. Upon retry, I am now getting: Quote Secure Connection Failed An error occurred during a connection to www.rahvastikuregister.ee. Peer could not decode an SSL handshake message. Error code: SSL_ERROR_DECODE_ERROR_ALERT Edited May 24, 2020 by itman Link to comment Share on other sites More sharing options...
Mastahh 0 Posted May 24, 2020 Author Share Posted May 24, 2020 (edited) Just Closed both browsers Chrome and Firefox. Disabled SSL/TLS, Click OK Enabled SSL/TLS, Click OK Open, https://www.rahvastikuregister.ee/ in both browsers, not working. Go to Web Protocols->Disable HTTPS check, click OK. Works perfect The Girls from ESET support saying that they do not have problems 14 hours ago, Marcos said: Have you tried the following? - disable SSL filtering while browsers are not running and save settings - re-enable SSL filtering - launch a browser and see if the issue is gone. Is the eicar test file detected upon download from https://secure.eicar.org/eicar_com.zip? The file detected. Edited May 24, 2020 by Mastahh Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted May 25, 2020 ESET Staff Share Posted May 25, 2020 According to our testing of www.rahvastikuregister.ee, the issue is on the server side. We recommend you to contact the server administrator. In the meantime, we recommend to add the server certificate of www.rahvastikuregister.ee into the List of known certificates (https://help.eset.com/eav/13/en-US/?idh_config_epfw_ssl.html) and set Scan action to Ignore. The technical details discovered during the testing which might be useful:The issue is present when there is TLS version 1.3 advertised in the Client Hello, but there is not advertised x25519 group in the Supported Groups Client Hello extension. It seems that the server requires the presence of x25519 group despite it's not mandatory, according to the https://tools.ietf.org/html/rfc8446#section-9.1 As can be seen on https://www.ssllabs.com/ssltest/analyze.html?d=www.rahvastikuregister.ee, Java 11.0.3 or Java 12.0.1 as a client has the same issue. Link to comment Share on other sites More sharing options...
Mastahh 0 Posted May 26, 2020 Author Share Posted May 26, 2020 (edited) I tested following site using this online tester: https://www.cdn77.com/tls-test and thishttps://www.ssllabs.com/ssltest/analyze.html?d=www.rahvastikuregister.ee And both shows that website only supports TLS 1.2, all other versions are disabled. Edited: I will write to site owner about this issue. Edited May 26, 2020 by Mastahh Link to comment Share on other sites More sharing options...
itman 1,538 Posted May 26, 2020 Share Posted May 26, 2020 (edited) On 5/25/2020 at 9:35 AM, Posolsvetla said: The issue is present when there is TLS version 1.3 advertised in the Client Hello, but there is not advertised x25519 group in the Supported Groups Client Hello extension. It seems that the server requires the presence of x25519 group despite it's not mandatory, according to the https://tools.ietf.org/html/rfc8446#section-9.1 To begin, this web site: https://www.rahvastikuregister.ee/ , only supports TLS 1.2. I assume the scenario here is the browser sent a Server Hello for TLS 1.3. The site server replied with a Client Hello downgrade request to TLS 1.2. However, TLS 1.3 is not down-gradable. I therefore assume a new handshake session is initiated by the browser requesting TLS 1.2. As such, I am confused with what is posted. Edited May 26, 2020 by itman Link to comment Share on other sites More sharing options...
Recommended Posts