Before I investigate this I was wondering if this is a known issue.
Since January 1st I get this error when visiting here: "Avast Web Shield has blocked access to this page because the following certificate is invalid boards.Sup Forums.org"
Photo of this attached because it couldn't be captured with a screenshot.
When I disable this and let Firefox check the certificate itself, the result is without any mention of anything out of the ordinary. Inspecting the certificate hierarchy visually it seems that it is issued to ssl538052.cloudflaressl.com and not boards.Sup Forums.org as the url would suggest.
It looks like a successful man-in-the-middle attack where cloudflare identifies itself as Sup Forums but what I am communicating with is absolutely something else and whom I should actually not trust.
I've read somewhere about cloudflare keyless SSL. That they take master keys of others into their own storage. Allowing to do anything they want under their (other) name.
You are correct . Sup Forums uses Cloudflare and the SSL MITM setup is intentional.
James Martinez
Thanks, I needed that. So you mean with intentional than Sup Forums wants MITM and uses cloudflare for that, or that cloudflare wants to MITM and intentionally offers Sup Forums (nearly free) services for that?
Carter Morgan
The former.
Dominic Reyes
If I remember correctly , cloudflare was setup by fbi and later nsa, with the mission of a safer internet by not only monitoring all traffic going through their servers but also performing deep packet inspection. Encryption was no real problem because they could MITM. So who would have the advantage?
I thought that MITM was and always has been a big deal. But now it seems to be happening in broad daylight and with no attention at all. Did I miss something?
Justin Cruz
Wait, you're concerned about the idea of CDNs because they're arguably a man-in-the-middle from the content host, but you're perfectly happy to run an Avast MITM on your own computer despite that widely being considered highly insecure?
What the fuck?
Connor Cook
you need to stop.
Dominic Ramirez
Sup Forums was never meant to be truly anonymous. It would have been hosted on foreign servers.
There was an uproar when Cloudflare added this "feature". Then after a few days, no one gave a shit anymore.
David Martin
Cloudflare is a reverse proxy that accelerates traffic to Sup Forums, caches static content, and blocks bots. It greatly helps the site.
Avast is bloatware spyware you've installed that literally intercepts all your connections, even SSL ones (which Cloudflare does not do unless a web admin has specifically configured that) and spies on everything you do.
Uninstall your shitty software, learn what screenshots are, then kill yourself.
Jason Gray
>literally intercepts all your connections that's called a firewall you fucking dunce >even SSL ones stop pretending you know what you're talking about.
Isaiah James
It intercepts your connections to HTTPS websites because you install Avast's MitM SSL certificate when you install the product. What did I say that was wrong?
Owen Powell
>stop pretending you know what you're talking about. Uh. is actually right. The Avast "web shield" intercepts your connections, adding and removing SSL/TLS in the process. If you open up the cert information on Firefox and look closely, you'll see the cert that's used when you visit Sup Forums (or any other HTTPS site) is actually signed by Avast.
When he saw ssl was broken he ran out of the house because he thought they were coming to get him. He is currently outside his screen window taking a picture and phone posting this thread trying to figure out if its safe to go back inside yet.
Gabriel Lopez
guess he couldn't figure it out w/o windows
Bentley Allen
you need to return to reddit
Oliver Scott
>shills ITT cloudflare=botnet
Jacob Murphy
>no retina screen.
So this is the power of windows?
Anthony Rivera
>using avast >only person having ssl problems avast is fucking autistic go get a better anti virus that won't circle jerk on it self every five seconds
Jason Price
switch to avira fuck avast
Jordan Thompson
A bunch of things could cause this.
1) cloudflare had a leapyear bug and fucked up so maybe Avast has a dns cache of this somewhere it's using and needs to be cleared out.
2) cloudflare resets it's SSL certs every year
3) avast is gay
You probably just need to clear out Avast's cert/dns cache
John Bennett
it's most likely the third one
Christopher Rivera
can you post the cert defails that avast has (if there is such an info window)?
Austin Taylor
The certificate is fine, you need to update your root certificates.
Carson Wood
Found this answer through .034982 secs of googling
Launch Avast. Click SETTINGS, and then select the Active Protection tab. Uncheck Scan SSL connections in all menus. Exit Avast.
