Skip to content
GitLab
Closed
Created by Jim Newsome@jnewsome

Tor Browser doesn't run on recent arch: Missing server TLS certificates

We've had two reports of users on 10.0.10 on Linux not being able to establish a secure connection to any web site. The url shows https, but "insecure". Clicking through, it looks as if there's no server certificate at all.

One user reported that switching to the alpha version of TBB resolved the issue. The second user reported that it didn't.

The second user verified that the browser does correctly report invalid certificates, using badssl.com.

The second user was able to fix it with a clean profile. (Update: a clean profile on alpha. Still broken on 10.0.10)

-Hqs -Hqz -HNT

15:40 < rany> Hi, I'm having an issue right now with Tor Browser reporting all HTTPS 
              connections as insecure. This happened after the update to 10.0.10
15:43 < rany> screenshot: https://0x0.st/-HNT.png
16:47 < jnewsome> rany: what does it say if you click on the right-arrow next to 
                  "connection not secure"?
16:50 < rany> https://0x0.st/-Hqs.png
16:53 < jnewsome> strange. someone reported a similar problem yesterday; I think they 
                  ultimately worked around it by installing the alpha version of the tor 
                  browser
16:53 < rany> and https://0x0.st/-Hqz.png
16:53 < rany> hmm, well it's not bothering too much but i wanted to check if its 
              intentional cuz i can't find anything in the change log
16:53 < jnewsome> thank you for the screenshots; I wasn't able to get detailed info from 
                  the reporter yesterday
16:54 < rany> so not all TB users have this issue?
16:54 < jnewsome> nope; I'm on the same version and not experiencing that problem
16:55 < jnewsome> is this linux?
16:55 < rany> yes
16:55 < jnewsome> I would be careful about using the browser in this state; you might not 
                  detect a man-in-the-middle attack
16:56 < rany> I'll try the alpha version of TB and check if that fixes it 
16:56 < rany> yeah, good point 
16:58 < rany> tor browser alpha doesn't fix it for me :/
16:59 < jnewsome> I wonder if this could be an actual attack. Could you try requesting a 
                  few circuits and see if it works for any of them?
17:01 < rany> i've tried a ton of circuits and so far they all have the issue ... so 
              probably unlikely 
17:01 < rany> also bad SSL certificates still get detected fine ... just tried from 
              badssl.com
17:02 < rany> so it seems like verification is working all right 
...
17:25 < rany> though TB works fine with a clean profile 
17:26 < rany> not sure why the update broke my old profile 
...
17:36 < rany> nevermind, i just got the same issue even with a clean profile 
17:36 < rany> /shrug 
17:36 < rany> (but that's on stable TB )
Edited by Roger Dingledine
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information