10:55:35 <TheSHAD0W> Hey, how do I add a self-signed certificate to the browser now?  And how do I bypass an expired cert?
11:20:02 <frg_Away> TheSHADOW certificate management has not changed much. Still in Preferences Privacy & Security Certificates. Rarely use it so maybe check mozillaZine for documentation.
11:21:21 <frg_Away> For websites you can usually bypass if you load it on a per session base. Permanently not sure if possible.
12:00:19 <TheSHAD0W> frg_Away: There's no click-through to bypass any more.
12:00:47 <TheSHAD0W> Either per-session or to add to the cert database.
12:01:52 <TheSHAD0W> Makes it a much bigger problem if governments start trying to censor websites by monkeying with certs.
12:07:47 <tomman> also, there is strict HSTS with no bypass by design
12:08:10 <frg_Away> tomman yes Suspect strict transport security is on.
12:08:12 <tomman> and if your government is tampering with SSL, you've had BIGGER problems than a exceptions dialog
12:08:19 <tomman> ---you've got
12:09:00 <TheSHAD0W> Of course it is.  So is there a way to turn off strict transport security?
12:11:09 <TheSHAD0W> In about:config I assume?
12:12:10 <TheSHAD0W> I see network.stricttransportsecurity.preloadlist but no separate one.
12:17:29 <TheSHAD0W> Tried several ways to get the old behavior back and haven't been successful.
12:20:29 <TheSHAD0W> It's not the first time some site operator let a cert expire, and it won't be the last, and turning off a way to bypass it is just stupid.
12:26:44 <TheSHAD0W> This doesn't even have the "thisisunsafe" bypass that's in chrome.  I think I'm finally going to have to switch browsers.
12:44:53 <frg_Away> bye then
12:48:34 <njsg> TheSHAD0W: there is, I think, a store inside the profile. wasn't this in readable text? it might be possible to edit that file to reset the site's hsts status
12:49:32 <njsg> I don't know the current interface to bypass such situations, except for knowing it won't show the bypass button when hsts had been detected in the past
12:50:07 <frg_Away> SiteSecurityServiceState.txt
12:50:43 <njsg> there's something in the certificate manager, let me see if it works
13:07:35 <njsg> it's possible to add an exception but it seems it's ignored with HSTS?
18:14:18 <therube> i only saw 1 post on "virustotal", so i might have missed something... anyhow, https://www.virustotal.com/old-browsers/
18:54:34 <tomman> therube: awesome
18:54:47 <tomman> now SeaMonkey is considered IBM-vintage
18:55:17 <therube> heh.
18:56:44 <tomman> well, at least they have AN option for us, unlike many sites that drank the Google Kool-Aid
18:57:14 <tomman> I was looking to check some file last week with VirusTotal, just to discover that Chromeisms have infected them
19:45:33 <therube> VirusTotal IS Google.  (google bought them a long time back.  And given that Chrome is Google ;-) ...)
21:43:31 <tomman> oh, so that explains a lot
21:43:37 <tomman> VirusTotal IS a virus then
21:43:53 <tomman> another sad day for the Internet then