Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adguard downgrades TLS version in case of connection error #300

Closed
dnovitskyi opened this issue Apr 2, 2018 · 5 comments
Closed

Adguard downgrades TLS version in case of connection error #300

dnovitskyi opened this issue Apr 2, 2018 · 5 comments
Assignees
@Stillness-2
Labels
Bug
Milestone
1.5.6

Comments

@dnovitskyi
Copy link

Steps to reproduce

  1. Disallow use of TLS 1.1 and lower in network settings
  2. Launch AdGuard
  3. On Firefox, loading a page will display an Unsupported protocol error
  4. Other browsers work fine

Expected behavior

AdGuard should respect the user's network settings and only use TLS 1.2+

Actual behavior

On Firefox, AdGuard falls back to TLS 1.1

Screen Capture:

Available under 1672992

Customer ID

1672992

Your environment

  • Environment name and version: (e.g. Chrome 59): AdGuard 1.5.3, Firefox_latest, Opera_latest
@ghost
Copy link

ghost commented Apr 2, 2018

:)

@ameshkov
Copy link
Member

ameshkov commented Apr 3, 2018

Disallow use of TLS 1.1 and lower in network settings

@majkassab could you please elaborate where exactly have you changed this?

Did you use about:config in Firefox or is it something else?
It's just by default, AG uses the highest TLS version specified by the browser.

@ghost
Copy link

ghost commented Apr 3, 2018

@ameshkov
-yes i use about:config in firefox to block TLS 1.1 & 1
-This is the configuration i use to make firefox more secure:
security.ssl3.rsa_des_ede3_sha False
security.tls.version.min 3
security.tls.version.max 4
media.peerconnection.enabled False
security.ssl3.rsa_aes_128_sha; false
security.ssl3.rsa_aes_256_sha; false
security.mixed_content.block_display_content;true
security.OCSP.require;true
security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken;true
browser.formfill.enable;false
privacy.resistFingerprinting;true
camera.control.face_detection.enabled;false
browser.cache.disk.enable;false
browser.cache.disk_cache_ssl;false
browser.cache.offline.enable;false
geo.enabled;false
media.webspeech.synth.enabled;false

-my problem is sometime adguard switch connection from TLS 1.2 to 1.1 and to solve the problem i turn off and turn on again adguard(mac version) to continue on TLS 1.2 and sometime i refresh/reload page(rarely)

-google.com and google.com.lb are the most affected by this problem (maybe because i use it a lot)

@Stillness-2 Stillness-2 self-assigned this Apr 5, 2018
@Stillness-2 Stillness-2 modified the milestones: 1.5.4, 1.5.5 Apr 5, 2018
@vozersky
Copy link
Member

vozersky commented Apr 6, 2018
edited

@majkassab hello! please try this build, it fixes the TLS problem: https://www.dropbox.com/s/oo3j8mwt0gzf5xs/Adguard-1.5.5.beta.dmg?dl=0

@vozersky vozersky added Bug and removed Question labels Apr 6, 2018
@ghost
Copy link

ghost commented Apr 6, 2018

hi, @vozersky I installed it but i can't say if the problem is fixed because there aren't any specific website or time to happen. if Adguard switches again to TLS 1.1 I will tell you by post it here. Thank you so much for your help

@vozersky vozersky changed the title AdGuard reverts to TLS 1.1 on Firefox Adguard downgrades TLS version in case of connection error Apr 6, 2018
@zebrum zebrum closed this as completed Apr 10, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Stillness-2 Stillness-2

Labels
Bug
Projects
None yet
Milestone
1.5.6
Development

No branches or pull requests
5 participants
@Stillness-2 @ameshkov @vozersky @zebrum @dnovitskyi