The Un-Official Proxomitron Forum

Full Version: Google Secure (httpS) sites unreachable through Proxo
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
I am totally unable to visit ANY Google secure website with Prox filtering, though it works like a charm with most other httpS sites.

This problem seems to be Google-specific. All other httpS sites act normally with Proxo filtering.

In Firefox 10 and Chrome, I stay stuck on the Security alert page ("This Connection is Untrusted" alert box). No way to go any further.
I cannot acces my mailbox in GMail, for example, unless I accept to go there without protection.

But it's okay if I stop filtering Google's httpS pages (List BypassSSL, Proxo Config Settings = don't use SSL, or browser settings = no proxy).

Google scoundrels go on "annoying" people ... They advertise everywhere :
Code:
"Hey, this is important: We’re changing our privacy policy and terms of service.""
and it's about since that Google httpS has become unreachable through Proxo.

In their always increasing quest to control people I wonder if the Google men are not checking which version of the SSL files (ssleay32.dll & libeay32.dll) we use, and disable connection if it's too old.
That is a problem as Proxo cannot use standard OpenSSL files, it seems they need to be patched, and mine date from 2006 for the most recent I could find (on Sidki's site).

Does anybody know if there are more recent SSL files somewhere ?
the only SSL i do on Google is Gmail and it's working fine with the "old" .dll's...
(Feb. 27, 2012 07:26 PM)fpout Wrote: [ -> ]In Firefox 10 and Chrome, I stay stuck on the Security alert page ("This Connection is Untrusted" alert box). No way to go any further.

Has Firefox removed the "I Understand the Risks" link that opens the "Add Exception" option?

(Feb. 27, 2012 07:26 PM)fpout Wrote: [ -> ]Does anybody know if there are more recent SSL files somewhere ?

No. I think the changes OpenSSL made were too difficult to accommodate.
GMail was working like a charm till a few days ago.

Firefox = the problem comes with Firefox version 10. Reverting to version 8 brings back normal access to GMail, with and without Half-SSL on.

I didn't retain Fox 9 as it is slower than Fox 8.
So there seems to be something wrong in the security policy in Fox 10, it loops between "This connection is untrusted" and "Add security Exception" windows when Proxo is on.
Looks like it is refusing Proxo's certificate, but the certificate is present.

Returning to Firefox-10.0.2, the question is : Why does it pass for all the other https sites I've tried and not for Google sites ?
For instance, at https://www.hushmail.com/ or https://www.vfemail.net/, the "This connection is untrusted" alert is easily overridden.

So, it appears with Fox-10 and is only relative to Google hhtpS.


Chrome 17.0.963.56 = any https://*.google.com/ site ends on the red "This is probably not the site you are looking for!" alert window, with NO way out but the "back" button.

http://https-px-.encrypted.google.com/we...te=0&tbo=1 manually entered is OK
http://https-px-.accounts.google.com/Ser...e&rm=false manually entered seems ok but lands on a settings page with the message "Your browser version is no more compatible with Google accounts. Please use a more recent one, like Google Chrome" (https-px-.www.google.com/settings/general-light/?ref=/settings/). Oh, irony !

Reverting to Chrome 14 -> same result, while a few weeks ago, it was giving me access to my GMail inbox.

Gooooooogle ...
Have updated to Firefox 10.0.2.

https://google.com gets me pic1[attachment=726]

Clicking on "I Understand the Risks" pic2[attachment=727]

Clicking "Add Exception" pic3[attachment=728]

I wonder if your Firefox install has been corrupted.

I don't have chrome. I do have an old version of ChromePlus that I don't think is quite right.

I'll guess that your "accounts.google" problem is due to the user-agent header that your Proxomitron is sending. If so, we can change it to suit. What are you sending?
JJoe: Yes I went through these 3 steps, but then, on step 3, when I press "Confirm Security Exception" which is ontop of "This Connection is Untrusted", I see just a green GET sent in the Log Window, and I am back on the "This Connection is Untrusted" and no answer appears on Log Window.

Anyhow, at this step, we aren't supposed to have the "This Connection is Untrusted" popping up, but the GMail login screen, as I am entering this string in the urlbar: "http://https-px-.www.google.com/accounts/ServiceLogin?service=mail&passive=true ..."

The UA string sent by Proxo is "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", and works well with Firefox 8.0 & other browsers.

I experimented a lot:

----- Opera -------- (Same Proxo settings) ---------

By the way, I just remembered that I hadn't tried Opera (11.61.1250). So I did try going to my GMail account through Proxo with it.
Funnily Opera worked flawlessly, and gently brought me into my GMAil inbox. Seems to work nicely as it should. Been able to read my mails & compose a quick & dirty sample mail.

---- GreenBrowser (MSIE engine) ------ (Same Proxo settings) -------

Quick try with GreenBrowser (I recently discovered this nice, very fast, handy, ergonomic & VERY small alternative to MS Internet Explorer) : Works like a charm too.

---- Firefox 10.0.2 portable from PortableApps ----------

Fresh, just OOB, without any addon --> works OK too

Then I renamed my Firefox working folder and re-installed a new 10.0.2 one from Liberkey (my Fox is a portable version), so it was brand new and totally free from plugins/addons.
Works like a charm ...

Next step was to rename my Chrome folder et re-install a fresh copy from Liberkey. Chrome 17 oob (trough proxo) proceeds to GMail when manually provided with: "http://https-px-.mail.google.com", but still any https://*.google.com/ site ends on the red alert dead-end window. So nothing different here.

Disabling all my fox addons one by one didn't cure the issue.

Then I tried replacing the profile data files one by one, remembering there a problem with Fox in the past with a "xul" file becoming obese and degenerating. But no more xul-file by now.

The situation remained the same until I noticed "permissions.sqlite" wich was 2 048 bytes in my profile folder and 65 536 in the fresh oob profile.
Replacing mine with that fresh one did the trick.

Now I land on GMail login screen again when I enter "http://https-px-.mail.google.com", back to normal.

Oof ! The people from Mozilla should advertise about that in their "Release Notes" ...

Nevertheless, that doesn't tell us why Chrome (and it only) refuses all httpS pages through Proxo (ie: https://www.fastmail.fm/mail/).
The workaround is to prefix with "http://https-px-." but it's quite boring.
I know the urlbar history will propose it later, but it disappears when doing daily housekeeping.

If somebody has an idea ?
(Feb. 29, 2012 12:25 AM)fpout Wrote: [ -> ]Anyhow, at this step, we aren't supposed to have the "This Connection is Untrusted" popping up, but the GMail login screen, as I am entering this string in the urlbar: "http://https-px-.www.google.com/accounts/ServiceLogin?service=mail&passive=true ..."

Is the header filter "Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In)" enabled?

When I try that address, google's server returns a 302 response with a Location header that redirects the browser to https://accounts.google.com/ServiceLogin?service=mail&passive=true. "Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In)" changes this to http://https-px-.accounts.google.com/ServiceLogin?service=mail&passive=true


(Feb. 29, 2012 12:25 AM)fpout Wrote: [ -> ]The workaround is to prefix with "http://https-px-." but it's quite boring.
I know the urlbar history will propose it later, but it disappears when doing daily housekeeping.

If somebody has an idea ?

A bookmarklet might help. Something like

Code:
javascript:document.location="http://https-px-.dbug.."+document.location.href.substring(7);

I suspect, more javascript or an autoit script will be needed for Chrome's "Connection is Untrusted" page, however.

Maybe a program to change the name on the Proxomitron cert to satisfy the browser.
searched a little.
read only results, but (if true) maybe this is good to know.
chrome on windows uses windows/msie certs


also tried searching
selfsigned certificate chrome problem
but nothing interesting in results.



want to try one of the chromium-based browsers? srware? comodo?
http://www.google.com/search?q=Chromium+...ss+windows
?
http://gnuwin32.sourceforge.net/packages/openssl.htm
0.9.8h
4 December 2008

But later versions win32 build are on this link from openssl.org:
http://www.slproweb.com/products/Win32OpenSSL.html
http://www.slproweb.com/download/Win32Op...1_0_0g.exe
Installs the most commonly used essentials of Win32 OpenSSL v1.0.0g (Recommended for brave users by the creators of OpenSSL). Note that this is a default build of OpenSSL and
{snip}
http://www.slproweb.com/download/Win32Op...1_0_0g.exe
Installs Win32 OpenSSL v1.0.0g (Recommended for software developers by the creators of OpenSSL). Note that this is a default build of OpenSSL and
{snip}

http://www.slproweb.com/download/Win64Op...1_0_0g.exe
Win64 OpenSSL v1.0.0g (Only install this if you need 64-bit OpenSSL for Windows. Only installs on 64-bit versions of Windows.
{snip}
http://www.slproweb.com/download/Win32Op...0_9_8t.exe
{snip}
http://www.slproweb.com/download/Win32Op...0_9_8t.exe
{snip}
srware iron portable 10.0.650.1 (80000) (2011)
"Proceed anyway" button goes to
https://accounts.google.com/ServiceLogin...ssive=true
https://vfemail.net
https://fastmail.fm

but the "https" of url is red with red slash
Google https locations work normally in Firefox 10 now.

Thank you sbk. I knew Chrome was using MS default settings, as for the Internet Options (Network > Proxy notably).

I had imported Proxo's certificate in Windows Trusted Root Author certs times ago, but looks like it disappeared from there, supposably last time I restored my Windows system.
Anyhow, I did import the actual valid Proxomitron certificate in windows just now, and the result is positive (partially):

https locations like https://www.hushmail.com/ - https://www.quicksilvermail.net/qslite still end on the red SSL-Error "This is probably not the site you are looking for!" screen,
BUT now the "Proceed anyway" button is there, at last! So I can reach httpS sites ...

... Except the Google ones, like https://encrypted.google.com/search?, https://accounts.google.com/ or https://mail.google.com/mail/ who still land on the red Security Error screen but WITHOUT Proceed Anyway button.

Google is REALLY strange.
Quote:http://gnuwin32.sourceforge.net/packages/openssl.htm
0.9.8h
4 December 2008
seems ssleay32.dll is missing there

Versions newer than Sidki's 0.9.8.0 rev1 cause two successive Error messages :
Code:
---------------------------
ProxomiTron Application Error
---------------------------
Sorry, This version of SSLeay doesn't
contain all the needed functions. It may
be too different a version or complied
without all the necessary algorithms.
---------------------------
OK  
---------------------------
and
Code:
---------------------------
ProxomiTron Application Error
---------------------------
OpenSSL_add_all_algorithms
---------------------------
OK  
---------------------------
wherever they come from.
(Feb. 29, 2012 05:02 AM)JJoe Wrote: [ -> ]When I try that address, google's server returns a 302 response with a Location header that redirects the browser to https://accounts.google.com/ServiceLogin?service=mail&passive=true. "Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In)" changes this to http://https-px-.accounts.google.com/ServiceLogin?service=mail&passive=true

Sorry, that was only the beginning of the url string, to make it short ... that's why I put it between double quotes. It was just an example.

Yes the header filter "Location: 4 Half-SSL 06.11.02 (cch!) [jjoe] (d.2) (In)" is enabled.

There are 2 versions in my config:
Code:
In = TRUE
Out = FALSE
Key = "Location: 4 Half-SSL     06.11.02 (cch!) [jjoe] (d.2) (In)"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://\1"
Replace = "http://https-px-.\1"
and a more recent one:
Code:
In = FALSE
Out = FALSE
Key = "Location: 5 Half-SSL     09.04.10 (cch!) [jjoe] (d.2) (In)"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"

Which one should we use ?

As for Chrome, now are just left unaccessible Google https sites. All other https sites are reachable through the override button "Proceed anyway" now displayed after re-importing Proxo's certificate in Windows cabinet.

I created a bookmark for Goo Search (working ok) : http://https-px-.encrypted.google.com/we...=1&num=100

-----------------------

On any browser:

GMail = http://https-px-.mail.google.com redirects to http://https-px-.accounts.google.com/Ser...mplcache=2
(login) -> error 404 -> sign-in link -> http://https-px-.accounts.google.com/Login -> dead end = http://https-px-.www.google.com/settings.../settings/ with this message : "You are using an old browser version which Google accounts no longer supports. Some features may not work correctly. Please upgrade to a modern browser, such as Google Chrome."

To reach my inbox, I then have to :

1) type in my GMail account litterally like this "http://https-px-.mail.google.com/mail/h/XXXXXXXXXXXXX/?zy=e&f=1&shva=1" (XXX = my GMail account reference) as obtained elsewhere when I succeded connecting to my Inbox.
Alternative:
2) Email Adrdresses -> Edit -> button "GMail" --> here I land into Inbox !

Quite tortuous.

Bookmark : http://https-px-.www.google.com/accounts...l%26zy%3Dl
takes me directly to a valid login screen which opens directly my Inbox.

Am I the only one to have these troubles with Google https, or don't people filter https through Proxo ?
you should only have the "4 Half-SSL"...
your "5" will never match because "4" already did...

i have BOTH of the filters also -
BUT i have "5" as "3b" AND it uses a DIFFERENT keyword...
only Exc-U entries with the DIFFERENT keyword will use "3b"...
and once "3b" matches, "4" will no longer match...
Code:
In = TRUE
Out = FALSE
Key = "Location: 3b Half-SSL     9.04.10 (cch!) [jjoe] (d.2) (In) [add]"
URL = "$TST(keyword=(*.half-ssl-mod.)*.i_ssl_h:[12].*)"
Match = "https://(\1\?$SET(#=?)(\#\=https%3a%2f%2f$SET(#==http%3A%2F%2Fhttps-px-.))+\#|\1)"
Replace = "http://https-px-.\1\@"
I think the 404 is due to half-ssl in input tags.

I'd use "Location: 4 Half-SSL 06.11.02". Converting all https in url gets another 404.

Found http://prxbx.com/forums/showthread.php?t...0#pid12250 .

Will try to borrow a Google id and see what can be done tomorrow.
Pages: 1 2
Reference URL's