I’ve recently switched to more secure programs including librewolf browser and bitdefender antivirus. and I know bitdefender blocks a couple things on lemmy as is, so I wanted to know if it was on my end or theirs.

  • tal@lemmy.todayEnglish
    3·
    2 months ago

    It’s not clear to me from your description exactly what behavior you’re seeing.

    I’m assuming that it’s most likely one of:

    1. You just can’t reach https://catbox.moe/ at all, no response, in LibreWolf.

    2. You can reach http://catbox.moe/ but not https://catbox.moe/ in LibreWolf.

    3. You’re getting some kind of error message about the connection being insecure from LibreWolf, like a certificate error of some sort.

    I can reach https://catbox.moe/ without TLS-related issues. My guess is that it’s most-likely not them.

    Sometimes, if you’re on a public WiFi access point, connections to hosts will be intercepted and redirected to some kind of sign-in page. But my impression is that browsers normally detect this today by trying a sample connection first and seeing whether it’s redirected.

    Sometimes employers will issue laptops with an installed CA root that they control and perform man-in-the-middle attacks on outbound connections from work networks to monitor what’s being sent.

    You can probably look in your browser for more diagnostic information, but I don’t use LibreWolf, so I can’t give much advice there. On Firefox, it’d be click on the padlock in the URL bar->Connection secure->More information->Security.

    If you want more details, probably the biggest hammer available for troubleshooting a TLS connection that I know of is OpenSSL’s s_client. On a Linux system, establishing a test connection looks like this:

    $ openssl s_client -connect catbox.moe:443

    Part of the output I’d expect you to be seeing is this:

    Certificate chain
 0 s:CN=catbox.moe
   i:C=US, O=Let's Encrypt, CN=E5
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Apr 19 06:19:27 2025 GMT; NotAfter: Jul 18 06:19:26 2025 GMT
 1 s:C=US, O=Let's Encrypt, CN=E5
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT

---

    That’s the certificate chain that I see. If something’s intercepting your connection (public WiFi access point trying to show a login page, employer trying to monitor what’s in the connection, etc) I’d expect you’ll probably see something else.

    considers

    I’m not really familiar with Let’s Encrypt, but I understand that it’s intended to be an easy-to-use route to issue free TLS certs, which it looks like catbox.moe uses. I know that I’ve read about attacks performed before on this route. It’s possible that LibreWolf doesn’t accept their root certificate by default.

    kagis

    I don’t see anything about LibreWolf not trusting Let’s Encrypt, so I doubt that that’s the case.