Monday, 11 June 2012

HTTPS (almost) everywhere

The connection was reset
The connection to the server was reset while the page was loading.
  • The site could be temporarily unavailable or too busy. Try again in a few moments.
  • If you are unable to load any pages, check your computer's network connection.
  • If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Oh the irony... I have upgraded to Firefox 13, (Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0) and obviously have HTTPS everywhere, (like you do... don't you?)

HTTPS is from www.eff.org but once I installed that I could no longer get to their site. So I turned off half of my add-ons and restarted Firefox.. still nothing. After a little while of playing binary-chop I found that HTTPS_Everywhere and Convergence.io are incompatible for https://www.eff.org/  but
https://encrypted.google.com/search?q=alexxroche still works

So I replaced HTTPS Everywhere with HTTPS Finder, (I'm not going to give up on convergence.io) and restarted.. same problem.

HTTPtoHTTPS was next and that felt like it was working.. until it didn't on https://panopticlick.eff.org/

I took a look at the certificate for eff and fround that its CN is *.eff.org. So now I have to find out if this is a problem with convergence+$(https add-on)+wildcard_certs or just something odd about the eff.org certificate.


https://wordpress.org/extend/plugins/wordpress-https/screenshots/ showed me that convergence was not having a problem with wildcard certificates.


I used:

openssl s_client -connect www.eff.org:443  -showcerts > cert.pem ;
openssl x509 -noout -in cert.pem -fingerprint

to get the fingerprint for the *.eff.org cert and add it to convergence.io but that site still would not load, (I though that Firefox might be caching the http2https behaviour so I restart it again but it still did not work.

I like to keep my chrome clean, (I only have the menu toolbar and use a custom userChrome.css to strip out everything that I don't need/use or have learnt the keyboard shortcut for.) This meant that I did not have the convergence.io button, but with a little tinkering I've moved it to the menu bar, (between the URI and search boxes.) For now I'm just disabling convergence for eff.org, (when I want to visit their site) and have re-enabled HTTPS Everywhere.

I'm sure that there will be more to this story, (especially when someone takes the eff HTTPS everywhere and hacks it to also perform the convergence firefox add-on functions.)

No comments:

Post a Comment

About this blog

Sort of a test blog... until it isn't