Enrico 3 Posted November 17, 2020 Share Posted November 17, 2020 After the last updates I started having the certificates issue with firefox https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/page/6/ On W10 20H2 FF 78.4.1 ESR has credential issues that lead to secure connection errors and data loss, Ungoogled Chromium seems not affected. On W10 1909 FF displays invalid cert on every website, the same with Ungoogled. Pref "security.enterprise_roots.enabled" is "true" and locked (by Eset or by group policy) I see no errors in browsers console. On the third PC with 20H2 and without Eset SSP I have no issues. I've tried disabling/re-enabling SSL/TLS filtering while monitoring TRCA, Eset SS filter CA was renewed and is valid until 15/11/2030. Disabling SSL/TLS filtering didn't resolved the issue. Suggestions? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,931 Posted November 17, 2020 Administrators Share Posted November 17, 2020 With SSL filtering disabled there is no ESET SSL filter CA certificate in the Trusted root certification authorities store? Is there no ESET root certificate in the list of untrusted certificates? You can search certificates for "ESET SSL". WIth SSL filtering disabled you should not be able to find any, after re-enabling SSL filtering you should be able to find one: Link to comment Share on other sites More sharing options...
Enrico 3 Posted November 17, 2020 Author Share Posted November 17, 2020 I can confirm that disabling filtering the cert goes away... In the 20H2 machine I've resolved with Eset reinstallation/reconfiguration, root certificates cleanup/rebuild and restoring some old firefox profiles, now everything seems ok, so probably it was a corruption or a misconfiguration due to November patches. In the 1909 machine a newer Eset certificate was installed and after reboot no browsing issues. Thanks Link to comment Share on other sites More sharing options...
Enrico 3 Posted November 18, 2020 Author Share Posted November 18, 2020 Update: I've started having issues with FF on some websites, the solution was set "security.tls.version.min" to 1 . Link to comment Share on other sites More sharing options...
itman 1,630 Posted November 18, 2020 Share Posted November 18, 2020 6 hours ago, Enrico said: Update: I've started having issues with FF on some websites, the solution was set "security.tls.version.min" to 1 . I really can't say that a downgrade to TLS 1.0 is a secure thing to do. The default minimum TLS version is TLS 1.2 which is a value of 3. Ref.: http://kb.mozillazine.org/Security.tls.version.* Link to comment Share on other sites More sharing options...
Enrico 3 Posted November 18, 2020 Author Share Posted November 18, 2020 I know, but tell it to the bank (that was naggin' me with "install the app from gooogle play because it's more secure" blah blah), to the insurance or to the biggest ISP here, today their are facing serious issues because of this procrastination. Link to comment Share on other sites More sharing options...
Recommended Posts