connection partially encrypted after reloading tabs at startup
After restoring a session tabs with secure connections often indicate problems with SSL connections.
I noticed this with google+, gmail and service-now.com.
Both Firefox and the calomel SSL validation add-on indicate that the connection is not secure. Firefox shows that the connection is partially secure but Calomel warns about a broken or untrusted connection (0%).
Simply refreshing the page (by selecting the URL and pressing enter) solves the issue. After this the connection is considered secure again by both the Firefox URL icon and the Calomel add-on.
The problem cannot 100% be reproduced but it happens almost every time the browser has been closed for a longer period of time (usually when I've logged off).
So far I have only seen this for sure using Firefox portable on Windows 7.
All Replies (3)
This sounds like the about config feature browser.sessionstore.privacy_level
If it is set to 1 when you restore a session it Stores extra session data for unencrypted (non-HTTPS) sites only. So since you are asking about partially encrypted paged I am not sure. Can you please clarify "partial encryption"?
I wonder if it is because by default browser.sessionrestore.privacy_level_deffered is set to 1: http://zpao.com/posts/restore-previous-session/ which is HTTPS only. Would partial mean http and https?
If I click the exclamation mark icon the Technical details indeed says "Connection is Partially Encrypted".
browser.sessionstore.privacy_level is set to 0 and browser.sessionstore.privacy_level_deferred is set to 1
Lately the problem is getting worse. If I open gmail the connection is secure but when I opened emails in gmail the connection was broken (I got the exclamation mark and alert from calomel) every time. Now it remains secure. I can't think of anything that would explain the difference in behaviour. It's a pain but I'll try to clean up my session (not save tabs etc.) to see if that makes a difference.
Modified
You may be able to check to make sure that the defualt ssl and tsl versions in firefox are not blocking the sites by checking the protocols used/detected with this: https://www.ssllabs.com/ssltest/index.html
It looks like there is an issuer: Entrust.net Certification Authority (2048) and TLS 1.1 is not used.
Does it help to set these two prefs to 0 (zero) on the about:config page to disable TLS?
*security.tls.version.min = 0 *security.tls.version.max = 0