Gangmax Blog

How to disable HTTP Strict Transport Security (HSTS) in Firefox

In some network environments, when using Firefox to browse websites that enable HSTS, such as “Google Groups”, you may get the following error message (Chrome will not work in the same situation, but I did not search for a solution for it):

This Connection is Untrusted

You have asked Firefox to connect securely to groups.google.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

groups.google.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

Most likely this means the network is insecure and is performing a man-in-the-middle attack. However, what if I still want the connection to work? Here is a solution.

  1. Open the “about:config” page;

  2. Right-click and choose “New -> Integer”, add an item named “test.currentTimeOffsetSeconds” with the value “11491200”, and confirm;

  3. Now the connection should work.

Another interesting fact is that Internet Explorer (at least v10) does not have this issue; it shows no warning at all.
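
The preference set in step 2 stays in the Firefox profile until it is removed, so a profile can be checked for it afterwards. The following is an added example, not code from the original post: it scans a profile directory's prefs.js and user.js (the files where Firefox keeps user-set preferences) for the pref. The profile path is supplied by the caller, and the sample preference text is constructed.

```python
import re
import sys
from pathlib import Path

PREF = "test.currentTimeOffsetSeconds"  # pref name from step 2 above
# Firefox stores user-set prefs as lines of the form: user_pref("name", value);
LINE_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def find_time_offset(prefs_text):
    """Return the non-zero integer value of PREF in prefs text, or None."""
    offset = None
    for line in prefs_text.splitlines():
        m = LINE_RE.match(line)  # commented-out lines (// ...) do not match
        if not m or m.group(1) != PREF:
            continue
        try:
            offset = int(m.group(2).strip('"'))  # a later line overrides an earlier one
        except ValueError:
            continue  # not an integer; ignore the line
    return offset or None

def scan_profile(profile_dir):
    """Return (file, seconds, days) for each prefs file in the profile that sets PREF."""
    findings = []
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if not path.is_file():
            continue
        seconds = find_time_offset(path.read_text(encoding="utf-8", errors="replace"))
        if seconds is not None:
            findings.append((name, seconds, seconds / 86400))
    return findings

# Constructed sample of prefs.js content (not taken from a real profile)
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
// user_pref("test.currentTimeOffsetSeconds", 60);
user_pref("test.currentTimeOffsetSeconds", 11491200);
"""

if __name__ == "__main__":
    # Usage: python check_offset.py <profile directory> [...]; no argument runs the sample
    if len(sys.argv) == 1:
        print("sample:", find_time_offset(SAMPLE_PREFS))
    for profile in sys.argv[1:]:
        for name, seconds, days in scan_profile(profile):
            print(f"{profile}/{name}: {PREF} = {seconds} ({days:.0f} days)")
```

A finding means the profile's clock is skewed by the reported number of seconds; resetting the pref in about:config removes it.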
