Jump to content
Mastahh

HTTPS Checking not working

Recommended Posts

Hello,

 

I have problem that some websites doesn't work when Https Scanner option enabled in antivirus.

NOD32 version: 13.1.21

All installed browsers are effected by this issue.

SSL_ERROR_DECODE_ERROR_ALERT

SEC_ERROR_BAD_SIGNATURE

https://accounts.google.com/o/oauth2/v2/auth?access_type=offline

https://www.rahvastikuregister.ee/

 

I have problem with this two sites, but i think there are more this sites.

Share this post


Link to post
Share on other sites

Have you tried the following?
- disable SSL filtering while browsers are not running and save settings
- re-enable SSL filtering
- launch a browser and see if the issue is gone.

Is the eicar test file detected upon download from https://secure.eicar.org/eicar_com.zip?

Share this post


Link to post
Share on other sites
16 hours ago, Mastahh said:

https://www.rahvastikuregister.ee/

This site doesn't render in FireFox. Appears to connect to the site OK but the web page is blank. Might be a problem with the web site.

Share this post


Link to post
Share on other sites

I just tried that site using Firefox 76.0.1 and Eset NOD 32 Anitvirus and it loads just fine for me.

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, ram1220 said:

I just tried that site using Firefox 76.0.1 and Eset NOD 32 Anitvirus and it loads just fine for me.

Upon retry, I am now getting:

Quote

Secure Connection Failed

An error occurred during a connection to www.rahvastikuregister.ee. Peer could not decode an SSL handshake message.

Error code: SSL_ERROR_DECODE_ERROR_ALERT

 

Edited by itman

Share this post


Link to post
Share on other sites
Posted (edited)

Just Closed both browsers Chrome and Firefox.

Disabled SSL/TLS, Click OK

Enabled SSL/TLS, Click OK

Open, https://www.rahvastikuregister.ee/ in both browsers, not working.

Go to Web Protocols->Disable HTTPS check, click OK.

Works perfect

The Girls from ESET support saying that they do not have problems :)

14 hours ago, Marcos said:

Have you tried the following?
- disable SSL filtering while browsers are not running and save settings
- re-enable SSL filtering
- launch a browser and see if the issue is gone.

Is the eicar test file detected upon download from https://secure.eicar.org/eicar_com.zip?

The file detected.image.thumb.png.f6423383ca05ef0cdc59112dba5a9c5c.png

Edited by Mastahh

Share this post


Link to post
Share on other sites

According to our testing of www.rahvastikuregister.ee, the issue is on the server side. We recommend you to contact the server administrator.

In the meantime, we recommend to add the server certificate of www.rahvastikuregister.ee into the List of known certificates (https://help.eset.com/eav/13/en-US/?idh_config_epfw_ssl.html) and set Scan action to Ignore.

The technical details discovered during the testing which might be useful:
The issue is present when there is TLS version 1.3 advertised in the Client Hello, but there is not advertised x25519 group in the Supported Groups Client Hello extension. It seems that the server requires the presence of x25519 group despite it's not mandatory, according to the https://tools.ietf.org/html/rfc8446#section-9.1
As can be seen on https://www.ssllabs.com/ssltest/analyze.html?d=www.rahvastikuregister.ee,
Java 11.0.3 or Java 12.0.1 as a client has the same issue.

Share this post


Link to post
Share on other sites
Posted (edited)

I tested following site using this online tester: https://www.cdn77.com/tls-test

and this
https://www.ssllabs.com/ssltest/analyze.html?d=www.rahvastikuregister.ee

And both shows that website only supports TLS 1.2, all other versions are disabled.

 

Edited: I will write to site owner about this issue.

 

Edited by Mastahh

Share this post


Link to post
Share on other sites
Posted (edited)
On 5/25/2020 at 9:35 AM, Posolsvetla said:

The issue is present when there is TLS version 1.3 advertised in the Client Hello, but there is not advertised x25519 group in the Supported Groups Client Hello extension. It seems that the server requires the presence of x25519 group despite it's not mandatory, according to the https://tools.ietf.org/html/rfc8446#section-9.1

To begin, this web site: https://www.rahvastikuregister.ee/ , only supports TLS 1.2. I assume the scenario here is the browser sent a Server Hello for TLS 1.3. The site server replied with a Client Hello downgrade request to TLS 1.2. However, TLS 1.3 is not down-gradable. I therefore assume a new handshake session is initiated by the browser requesting TLS 1.2. As such, I am confused with what is posted.  

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...