[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
From: "freek2023@xxxxxxxx" <freek2023@xxxxxxxx>
Date: Sat, 02 Nov 2013 15:15:41 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 02 Nov 2013 10:26:20 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de; s=s1024; t=1383401746; bh=rBzmLZdPM83UCTHvz6T1mVWzvsfN3jZDHXf0aIiPqKE=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:User-Agent:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Content-Type:Subject:From:Date:To:Message-ID; b=eb429vARm3/bbI4zWdZ/CuUHtmHhRJL2ow9IfUDTumCXz12gvqkQ5Jw+t/ARVOnoy7nUu+F4RcmEtTnVATizKoJxNmRBM8l4pC+ThoQFEOfIXLVe7Zk1OxQJm7DxKuuTga3cQ6tWf1k18J8YvLdIECixgpe+r2Hs9utPBemIwq0=
In-reply-to: <5273F7B0.4010806@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <5273F7B0.4010806@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: K-9 Mail for Android

Hi Joe!

I'm answering off-list, because it seems out of focus of the community there and while I understand the need/necessity/advantage/etc. of opensource-sw in certain cases, I'm not a "*nix-nazi" and one of my machines uses windows and KIS2013. I'm also not eager to "out" myself with this to the community.



Joe Btfsplk <joebtfsplk@xxxxxxx> schrieb:
>Weeks ago I reported problems accessing https Ixquick / Startpage
>search 
>sites in TBB 2.3.25-12, then *-13 and 2.4.x; then saw it was most (or 
>all) sites using port 443.
>Traced it to some issue with Kaspersky Internet Security 2014 (KIS) & 
>its "scan encrypted connections" feature, though never found exact
>problem.

Do you use the manual mode if KIS? I also tried that feature, but intransparently catching server certificates definitely messed with my system. This function is imho snakeoil of the highest quality. (Except you use an insecure browser and have no idea how ssl/tls and the x.509 certs work.)
I want to be able to check certs myself and it's possible that the cert/ssl-design in tor, which uses (afaik randomly generated,) self signed certs, doesn't work with the "validation" KIS conducts.

>In the Tor Network map, I can see port 443 try to open, then
>immediately 
>close when accessing sites using that port.  Until I close / reopen KIS
>
>- then problem solved.

It's just a guess, buy maybe that way you get the proper certificate to your pc.

Hope that helps!

cheers,
Martin
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
  - From: Joe Btfsplk
- Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
  - From: mick

References:
- [tor-talk] Kaspersky still interferes with SSL port 443 sites
  - From: Joe Btfsplk

Prev by Author: Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
Next by Author: Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
Previous by thread: Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
Next by thread: Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites
Index(es):
- Author
- Thread