libera #seamonkey

1 Aug 2022

Surfing the net has never been so suite | SeaMonkey Release:2.53.20 Beta: TBA | seamonkey-project.org/releases | This channel is logged at logbot.thereisonlyxul.org/seamonkey | SeaMonkey Nightly:2.53.21b1pre Archive archive.seamonkey-project.org/nightly | c-c (OPEN ) , c-253 (APPROVAL ONLY) | R.I.P. WG9s

• 10:55
  TheSHAD0W
  Hey, how do I add a self-signed certificate to the browser now? And how do I bypass an expired cert?
• 11:20
  frg_Away
  TheSHADOW certificate management has not changed much. Still in Preferences Privacy & Security Certificates. Rarely use it so maybe check mozillaZine for documentation.
• 11:21
  frg_Away
  For websites you can usually bypass if you load it on a per session base. Permanently not sure if possible.
• 12:00
  TheSHAD0W
  frg_Away: There's no click-through to bypass any more.
• 12:00
  TheSHAD0W
  Either per-session or to add to the cert database.
• 12:01
  TheSHAD0W
  Makes it a much bigger problem if governments start trying to censor websites by monkeying with certs.
• 12:07
  tomman
  also, there is strict HSTS with no bypass by design
• 12:08
  frg_Away
  tomman yes Suspect strict transport security is on.
• 12:08
  tomman
  and if your government is tampering with SSL, you've had BIGGER problems than a exceptions dialog
• 12:08
  tomman
  ---you've got
• 12:09
  TheSHAD0W
  Of course it is. So is there a way to turn off strict transport security?
• 12:11
  TheSHAD0W
  In about:config I assume?
• 12:12
  TheSHAD0W
  I see network.stricttransportsecurity.preloadlist but no separate one.
• 12:17
  TheSHAD0W
  Tried several ways to get the old behavior back and haven't been successful.
• 12:20
  TheSHAD0W
  It's not the first time some site operator let a cert expire, and it won't be the last, and turning off a way to bypass it is just stupid.
• 12:26
  TheSHAD0W
  This doesn't even have the "thisisunsafe" bypass that's in chrome. I think I'm finally going to have to switch browsers.
• 12:44
  frg_Away
  bye then
• 12:48
  njsg
  TheSHAD0W: there is, I think, a store inside the profile. wasn't this in readable text? it might be possible to edit that file to reset the site's hsts status
• 12:49
  njsg
  I don't know the current interface to bypass such situations, except for knowing it won't show the bypass button when hsts had been detected in the past
• 12:50
  frg_Away
  SiteSecurityServiceState.txt
• 12:50
  njsg
  there's something in the certificate manager, let me see if it works
• 13:07
  njsg
  it's possible to add an exception but it seems it's ignored with HSTS?
• 18:14
  therube
  i only saw 1 post on "virustotal", so i might have missed something... anyhow, virustotal.com/old-browsers
• 18:54
  tomman
  therube: awesome
• 18:54
  tomman
  now SeaMonkey is considered IBM-vintage
• 18:55
  therube
  heh.
• 18:56
  tomman
  well, at least they have AN option for us, unlike many sites that drank the Google Kool-Aid
• 18:57
  tomman
  I was looking to check some file last week with VirusTotal, just to discover that Chromeisms have infected them
• 19:45
  therube
  VirusTotal IS Google. (google bought them a long time back. And given that Chrome is Google ;-) ...)
• 21:43
  tomman
  oh, so that explains a lot
• 21:43
  tomman
  VirusTotal IS a virus then
• 21:43
  tomman
  another sad day for the Internet then