Dear Moz Evangelism, I'm a looong time Firefox user and love it.
Currently I'm losing it.
I want to ask about Firefox security implementation, possibly HSTS?
Firefox seems to implement strict-er security in comparison to Chrome.
Our IT department have been making changes to implement SSO including
using a SAML identity provider with Google services.
From the perspective of our ICT support it's been starting to look
like Firefox doesn't work. We've gone from Firefox as the recommended
browser, to Chrome being recommended, and today I've got a support
request open because I can't use Firefox at all. There is a risk that
Firefox will become unsupported in our organisation simply because
Chrome implements looser security, but at least it "works".
This doesn't look like a simple problem to solve. I'm not sure of the
details but we seem to be forwarding SSL certs from outside our
network and then they look like they're issued by us. Some sites allow
a security exception to be recorded. Others just don't. You can either
press the "Get me out of here" button or just sit there reading the
error message. I can't even access MDN using FF.
I'm writing to evangelism because I believe this is an issue for lots
of people and could be damaging the market share of the world's best
browser. Can you help me respond to my ICT department to make FF work?
It's hard to evangelise FF when it doesn't "work".

MDN:
Secure Connection Failed
The connection to developer.mozilla.org was interrupted while the page
was loading.
The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.

This Connection is Untrusted
Google:
You have asked Firefox to connect securely to mail.google.com, but we
can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place.
However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could
mean that someone is trying to impersonate the site, and you shouldn't
continue.
This site uses HTTP Strict Transport Security (HSTS) to specify that
Firefox only connect to it securely. As a result, it is not possible
to add an exception for this certificate.
Get me out of here!
Technical Details
mail.google.com uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.
(Error code: sec_error_unknown_issuer)
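
The unknown-issuer condition quoted in the error page above, reproduced offline as an added example (not part of the original message): a leaf certificate signed by a locally generated inspection CA fails verification against a trust store that lacks that CA, and passes once the CA root is imported. All keys, certificates and names are constructed by the script and hypothetical; it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example. Every key, certificate and name below is constructed locally;
# "Example Corp Inspection CA" and "site.example" are hypothetical.
set -e

# $1 = trust store (PEM), $2 = leaf certificate (PEM)
verify_leaf() {
    if out=$(openssl verify -CAfile "$1" "$2" 2>&1); then
        echo trusted
    else
        case $out in
            *"unable to get local issuer certificate"*) echo unknown_issuer ;;
            *) echo other_error ;;
        esac
    fi
}

# Prints "<result without corporate root> <result with corporate root>".
demo_unknown_issuer() {
    d=$(mktemp -d)

    # Self-signed root standing in for the organisation's TLS-inspection CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Corp/CN=Example Corp Inspection CA" \
        -keyout "$d/corp.key" -out "$d/corp.pem" 2>/dev/null

    # Unrelated root standing in for a trust store that has never been
    # given the corporate CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Public Root" \
        -keyout "$d/pub.key" -out "$d/pub.pem" 2>/dev/null

    # Leaf for the site as the client receives it: signed by the corporate CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=site.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/corp.pem" -CAkey "$d/corp.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null

    before=$(verify_leaf "$d/pub.pem" "$d/leaf.pem")
    cat "$d/pub.pem" "$d/corp.pem" > "$d/both.pem"   # import the corporate root
    after=$(verify_leaf "$d/both.pem" "$d/leaf.pem")
    rm -rf "$d"
    echo "$before $after"
}

demo_unknown_issuer
```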