[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Kaspersky still interferes with SSL port 443 sites



Hi Joe!

I'm answering off-list, because it seems out of focus of the community there and while I understand the need/necessity/advantage/etc. of opensource-sw in certain cases, I'm not a "*nix-nazi" and one of my machines uses windows and KIS2013. I'm also not eager to "out" myself with this to the community.



Joe Btfsplk <joebtfsplk@xxxxxxx> schrieb:
>Weeks ago I reported problems accessing https Ixquick / Startpage
>search 
>sites in TBB 2.3.25-12, then *-13 and 2.4.x; then saw it was most (or 
>all) sites using port 443.
>Traced it to some issue with Kaspersky Internet Security 2014 (KIS) & 
>its "scan encrypted connections" feature, though never found exact
>problem.

Do you use the manual mode if KIS? I also tried that feature, but intransparently catching server certificates definitely messed with my system. This function is imho snakeoil of the highest quality. (Except you use an insecure browser and have no idea how ssl/tls and the x.509 certs work.)
I want to be able to check certs myself and it's possible that the cert/ssl-design in tor, which uses (afaik randomly generated,) self signed certs, doesn't work with the "validation" KIS conducts.

>In the Tor Network map, I can see port 443 try to open, then
>immediately 
>close when accessing sites using that port.  Until I close / reopen KIS
>
>- then problem solved.

It's just a guess, buy maybe that way you get the proper certificate to your pc.

Hope that helps!

cheers,
Martin
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk