ProxHTTPSProxyMII: Reloaded
|
Sep. 09, 2018, 02:01 PM
(This post was last modified: Sep. 09, 2018 02:02 PM by Sudenr.)
Post: #280
|
|||
|
|||
RE: ProxHTTPSProxyMII: Reloaded
UPD:
Alas, even without "SSL Accelerator" addon in Firefox, ProxHTTPSProxyMII still continues to spawn errors, albeit somewhat less often. So I did some research: 1. Verification showed that the problem only occurs with Firefox, Chrome-based is not affected. 2. The problem arises even in the clean, fresh-installed Firefox. 3. The problem arises if a site is opened that loads a lot of other encrypted sites simultaneously. Most often this is a variety of imgNN.example.com 4. The problem occurs regardless of certificate type - EC or RSA But generated certificates are valid in both cases (if check it with Windows) 5. When I try to download a picture from subdomain with an incorrect certificate, Firefox gives an error: "SEC_ERROR_REUSED_ISSUER_AND_SERIAL" It seems, that it's caused by identical serial number in generated certificates (and paranoid Firefox security), so I check how certs generated, and found line Code: cert.set_serial_number(int(time.time()*10000)) I changed it to Code: cert.set_serial_number(int(time.time()*random.randint(1, 10000))) No SSLv3 errors for 3 days. |
|||
« Next Oldest | Next Newest »
|