One specific Web site doesn't work in Firefox when ESET's HTTPS traffic scanning is enabled.

[Newtype 0]

I'm not sure if this is an ESET problem or a Firefox problem. This is the only Web site I've ever had problems with and it's been going on for months.

The Web site in question is: https://www.rds.ca/

When ESET's HTTPS Traffic Scanning is enabled, the Web site's certificate is ESET. Clicking on any link will result in a "Secure Connection Failed" error in Firefox and also some images will sometimes fail to load.

If I disable HTTPS Traffic Scanning, the Web site's certificate is Entrust, Inc. and everything will work correctly.

This is a Web site that I need to visit every day so I don't know what to do.

Edited May 28 by Newtype
Fixed title

[Marcos 5,231]

Works for me fine, also the links on the website open without errors.

Please post a screenshot of the error you are getting and carry on as follows:

1. Enable advanced logging under Help and support -> Technical support
2. Reproduce the issue
3. Stop logging
4. Collect logs with ESET Log Collector and upload the generated archive here.

[cyberhash 194]

Strangely the site worked for me ONCE. After i closed the tab and went back and tried to reload im getting the same "Secure Connection Failed" message as the OP.

Then i closed the tab and retried and it worked again ....... Strange stuff

Edited May 28 by cyberhash

[cyberhash 194]

@Newtype Have you tried clearing the cookies and site data , by clicking the padlock symbol beside the url bar and then trying again. Seems to work every time i go to the site now

[Newtype 0]

45 minutes ago, cyberhash said:

@Newtype Have you tried clearing the cookies and site data , by clicking the padlock symbol beside the url bar and then trying again. Seems to work every time i go to the site now

Like you said, the site is unpredictable. Sometimes it works, rarely, but most often it doesn't. Clearing cookies and site data doesn't work for me, I tried it a bunch of times.

[cyberhash 194]

Only one of the times that i tried to load the site i got the same error that you did and any subsequent visits has worked properly. I have clicked on links and video's and they all work correctly for me. Do you have Edge or another browser that you can try and see if its working with that ?.

[Newtype 0]

3 minutes ago, cyberhash said:

Only one of the times that i tried to load the site i got the same error that you did and any subsequent visits has worked properly. I have clicked on links and video's and they all work correctly for me. Do you have Edge or another browser that you can try and see if its working with that ?.

It works with Edge. Have you tried clearing cookies and site data, then shutting down Firefox, opening it again and trying the site? For me that never works.

[itman 1,740]

13 hours ago, Newtype said:

The Web site in question is: https://www.rds.ca/

I can access the home web page w/o issue in Firefox. However, selecting any content on that page results in the Secure Connection Failed message.

I scanned the web site at QUALS SSL Server test web site which noted the site uses HSTS: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security . HSTS is used to protect against man-in-the-middle attacks which is actually what Eset is doing when intercepting browser web traffic to scan it via its HTTPS scan processing.

Appears HSTS processing is handled differently in Chrome/Edge than in Firefox when Eset HTTPS scanning is deployed.

Edited May 28 by itman

[itman 1,740]

An update here. The Secure Connection Failed message only occurs for select web page links. For me, its the feature article link on home page and select sub-domain web pages.

Appears to me to be an issue with this domain.

Edited May 28 by itman

[Newtype 0]

4 hours ago, itman said:

I can access the home web page w/o issue in Firefox. However, selecting any content on that page results in the Secure Connection Failed message.

I scanned the web site at QUALS SSL Server test web site which noted the site uses HSTS: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security . HSTS is used to protect against man-in-the-middle attacks which is actually what Eset is doing when intercepting browser web traffic to scan it via its HTTPS scan processing.

There's an alternate version of this Web site that's in English and doesn't have any of the issues that the French version has.

https://www.tsn.ca/

Does that Web site use HSTS as well?

[itman 1,740]

29 minutes ago, Newtype said:

Does that Web site use HSTS as well?

Yes it does. Must be some other problem with the French web site.

[cofer123 14]

Could it be related to this bug of Firefox? It currently has a size limit of 1024 HSTS entries, safely stored on a .txt file by the way, and once that fills up (happens within a few days for me) then it behaves in odd ways, sometimes no longer enforcing secure connections even with HSTS headers present.

Why Mozilla in their wisdom adopted such a terrible implementation is beyond me, but I've been running into problems with sites randomly missing images/broken layouts for quite a while and it only happens on Firefox.

They've apparently "fixed" that on recent updates by doubling the limit to 2048 entries, so instead of a few days it might take a couple of weeks before we run into that limitation again.

Edit: here is an in-depth explanation about Firefox's behavior on this matter.

Edited May 29 by cofer123

[Newtype 0]

1 hour ago, cofer123 said:

Could it be related to this bug of Firefox?

I don't think it's the same. It happens even on a fresh install of Firefox. To be sure, I just tried a portable version of Firefox Beta and the issue was still occurring.

If this is a site-specific issue, is there a way to disable HTTPS scanning for that Web site only?

[itman 1,740]

3 hours ago, Newtype said:

If this is a site-specific issue, is there a way to disable HTTPS scanning for that Web site only?

Refer to this forum posting: https://forum.eset.com/topic/9714-ssl-inspection-exclusion/?do=findComment&comment=50366

Just remember that with the web site excluded, Eset won't scan'detect malware delivered via HTTPS for the web site.

[Newtype 0]

19 hours ago, itman said:

Refer to this forum posting: https://forum.eset.com/topic/9714-ssl-inspection-exclusion/?do=findComment&comment=50366

Just remember that with the web site excluded, Eset won't scan'detect malware delivered via HTTPS for the web site.

Thank you, this worked!