diff options
Diffstat (limited to '')
3 files changed, 555 insertions, 0 deletions
diff --git a/toolkit/content/neterror/gen_aboutneterror_codes.py b/toolkit/content/neterror/gen_aboutneterror_codes.py new file mode 100644 index 0000000000..806756422f --- /dev/null +++ b/toolkit/content/neterror/gen_aboutneterror_codes.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +import sys + +from fluent.syntax import parse +from fluent.syntax.ast import Message + + +def find_error_ids(filename, known_strings): + with open(filename, "r", encoding="utf-8") as f: + known_strings += [ + m.id.name for m in parse(f.read()).body if isinstance(m, Message) + ] + + +def main(output, *filenames): + known_strings = [] + for filename in filenames: + find_error_ids(filename, known_strings) + + output.write("const KNOWN_ERROR_MESSAGE_IDS = new Set([\n") + for known_string in known_strings: + output.write(' "{}",\n'.format(known_string)) + output.write("]);\n") + + +if __name__ == "__main__": + sys.exit(main(sys.stdout, *sys.argv[1:])) diff --git a/toolkit/content/neterror/supportpages/connection-not-secure.html b/toolkit/content/neterror/supportpages/connection-not-secure.html new file mode 100644 index 0000000000..1df8b7501f --- /dev/null +++ b/toolkit/content/neterror/supportpages/connection-not-secure.html @@ -0,0 +1,205 @@ +<!DOCTYPE html> +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> +<html> + <head> + <meta + http-equiv="Content-Security-Policy" + content="connect-src https:; default-src chrome:; object-src 'none'" + /> + <meta name="referrer" content="no-referrer" /> + <meta charset="UTF-8" /> + <link + rel="stylesheet" + type="text/css" + href="chrome://global/skin/offlineSupportPages.css" + /> + <link + rel="icon" + type="image/png" + id="favicon" + href="chrome://branding/content/icon32.png" + /> + <title>Secure connection failed and Firefox did not connect</title> + </head> + <body> + <div id="offlineSupportContainer"> + <h1>Secure connection failed and Firefox did not connect</h1> + <p> + This article explains why you may see a + <em>Secure Connection Failed</em> or a + <em>Did Not Connect: Potential Security Issue</em> error page and what + you can do. + </p> + <div id="toc"> + <h2>Table of Contents</h2> + <ul> + <li class="toclevel-1"> + <a href="#w_secure-connection-cannot-be-established" + ><span class="tocnumber">1</span> + <span class="toctext" + >Secure connection cannot be established</span + ></a + > + <ul> + <li class="toclevel-2"> + <a href="#w_secure-connection-failed" + ><span class="tocnumber">1.1</span> + <span class="toctext">Secure Connection Failed</span></a + > + </li> + <li class="toclevel-2"> + <a href="#w_did-not-connect-potential-security-issue"> + <span class="tocnumber">1.2</span> + <span class="toctext" + >Did Not Connect: Potential Security Issue</span + ></a + > + </li> + </ul> + </li> + <li class="toclevel-1"> + <a href="#w_website-issues" + ><span class="tocnumber">2</span> + <span class="toctext">Website issues</span></a + > + <ul> + <li class="toclevel-2"> + <a href="#w_tls-version-unsupported" + ><span class="tocnumber">2.1</span> + <span class="toctext">TLS version unsupported</span></a + > + </li> + <li class="toclevel-2"> + <a href="#w_hsts-required" + ><span class="tocnumber">2.2</span> + <span class="toctext">HSTS required</span></a + > + </li> + </ul> + </li> + <li class="toclevel-1"> + <a href="#w_security-software-conflict" + ><span class="tocnumber">3</span> + <span class="toctext">Security software conflict</span></a + > + </li> + <li class="toclevel-1"> + <a href="#w_incorrect-system-clock" + ><span class="tocnumber">4</span> + <span class="toctext">Incorrect system clock</span></a + > + </li> + <li class="toclevel-1"> + <a href="#w_other-secure-connection-issues" + ><span class="tocnumber">5</span> + <span class="toctext">Other secure connection issues</span></a + > + </li> + </ul> + </div> + <h1 id="w_secure-connection-cannot-be-established"> + Secure connection cannot be established + </h1> + <p> + When a website that requires a secure (<strong>https</strong>) + connection tries to secure communication with your computer, Firefox + cross-checks this attempt to make sure that the website certificate and + the connection method are actually secure. If Firefox cannot establish a + secure connection, it will display an error page. + </p> + <h2 id="w_secure-connection-failed">Secure Connection Failed</h2> + <p> + A <em>Secure Connection Failed</em> error page will include a + description of the error, an option to report the error to Mozilla and a + <span class="button">Try Again</span> button. There is no option to add + a security exception to bypass this type of error. + </p> + <p></p> + <p>The error page will also include the following information:</p> + <ul> + <li> + <em + >The page you are trying to view cannot be shown because the + authenticity of the received data could not be verified.</em + > + </li> + <li> + <em + >Please contact the website owners to inform them of this + problem.</em + > + </li> + </ul> + <h2 id="w_did-not-connect-potential-security-issue"> + Did Not Connect: Potential Security Issue + </h2> + <p> + Certain secure connection failures will result in a + <em>Did Not Connect: Potential Security Issue</em> error page. + </p> + <p></p> + <p> + The error page will include a description of the potential security + threat, an option to report the error to Mozilla and an + <span class="button">Advanced…</span> button to view the error code and + other technical details. There is no option to add a security exception + to visit the website. + </p> + <h1 id="w_website-issues">Website issues</h1> + <h2 id="w_tls-version-unsupported">TLS version unsupported</h2> + <p> + Some websites try using outdated (no longer secure) Transport Layer + Security(<em>TLS</em>) mechanisms in an attempt to secure your + connection. Firefox protects you by preventing navigation to such sites + if there is a problem in securely establishing a connection. Contact the + owners of the website and ask them to update their TLS version to a + version that is still current and still secure. + </p> + <p> + Starting in Firefox version 74, the minimum TLS version allowed by + default is TLS 1.2. Websites that don't support TLS version 1.2 or + higher will display a <em>Secure Connection Failed</em> error page with + Error code: SSL_ERROR_UNSUPPORTED_VERSION and a message that + <em + >This website might not support the TLS 1.2 protocol, which is the + minimum version supported by Firefox.</em + > + The error page may also include a button, + <span class="button">Enable TLS 1.0 and 1.1</span> that will allow you + to override the minimum TLS requirement; however, Mozilla plans to + remove this option and permanently disable TLS 1.0 and 1.1 in a future + version of Firefox. + </p> + <h2 id="w_hsts-required">HSTS required</h2> + <p> + Other websites may require HTTP Strict Transport Security (HSTS) and + will not allow access with an insecure connection. + </p> + <h1 id="w_security-software-conflict">Security software conflict</h1> + <p> + Many security products use a feature that intercepts secure connections + by default. This can produce connection errors or warnings on secure + websites. If you see secure connection errors on multiple secure + websites, updating your security product or modifying its settings may + resolve the issue. + </p> + <p> + <span class="for" data-for="win8,win10"> + Alternatively, you can uninstall third-party security software and use + Windows Defender, the built-in antivirus on Windows 8 and Windows 10. + </span> + </p> + <p></p> + <h1 id="w_incorrect-system-clock">Incorrect system clock</h1> + <p> + Firefox uses certificates on secure websites to ensure that your + information is being sent to the intended recipient and can't be read by + eavesdroppers. An incorrect system date can cause Firefox to detect that + the website's security certificate is expired or invalid. Make sure your + computer is set to the correct date, time and time zone. + </p> + </div> + </body> +</html> diff --git a/toolkit/content/neterror/supportpages/time-errors.html b/toolkit/content/neterror/supportpages/time-errors.html new file mode 100644 index 0000000000..c96c5ba95f --- /dev/null +++ b/toolkit/content/neterror/supportpages/time-errors.html @@ -0,0 +1,319 @@ +<!DOCTYPE html> +<!-- This Source Code Form is subject to the terms of the Mozilla Public + - License, v. 2.0. If a copy of the MPL was not distributed with this + - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> +<html> + <head> + <meta + http-equiv="Content-Security-Policy" + content="connect-src https:; default-src chrome:; object-src 'none'" + /> + <meta name="referrer" content="no-referrer" /> + <meta charset="UTF-8" /> + <link + rel="stylesheet" + type="text/css" + href="chrome://global/skin/offlineSupportPages.css" + /> + <link + rel="icon" + type="image/png" + id="favicon" + href="chrome://branding/content/icon32.png" + /> + <title>How to troubleshoot time related errors on secure websites</title> + </head> + <body> + <div id="offlineSupportContainer"> + <h1>How to troubleshoot time related errors on secure websites</h1> + <p> + Certificates for secure websites (the address begins with + <strong>https://</strong>) are valid only for a certain period of time. + If a website presents a certificate with validity dates that don't match + the date on your computer's clock, Firefox can't verify that it is + secure and will show you an error page. + </p> + <p> + Such issues can often be fixed by setting the correct date, time and + time zone on your computer system. If this does not solve the problem, + it could be caused by other issues, such as a misconfigured web server + or an expired certificate. + </p> + <div id="toc"> + <h2>Table of Contents</h2> + <ul> + <li class="toclevel-1"> + <a href="#w_list-of-time-related-error-codes-you-may-encounter"> + <span class="tocnumber">1</span> + <span class="toctext" + >List of time-related error codes you may encounter</span + > + </a> + </li> + <li class="toclevel-1"> + <a href="#w_set-your-system-clock-to-the-correct-time"> + <span class="tocnumber">2</span> + <span class="toctext" + >Set your system clock to the correct time</span + > + </a> + </li> + <li class="toclevel-1"> + <a href="#w_contact-the-website-owner"> + <span class="tocnumber">3</span> + <span class="toctext">Contact the website owner</span> + </a> + </li> + <li class="toclevel-1"> + <a href="#w_bypass-the-warning"> + <span class="tocnumber">4</span> + <span class="toctext">Bypass the warning</span> + </a> + </li> + </ul> + </div> + <h1 id="w_list-of-time-related-error-codes-you-may-encounter"> + List of time-related error codes you may encounter + </h1> + <div class="for" data-for="fx66"> + <div class="note"> + <strong>Note:</strong> A <em>Your Computer Clock is Wrong</em> error + page almost certainly means that your computer's clock is set to the + wrong date. Some time-related errors will show a + <em>Warning: Potential Security Risk Ahead</em> error page. For other + time-related errors, you'll get a <em>Secure Connection Failed</em> or + <em>Did Not Connect: Potential Security Issue</em> error page. + </div> + <p> + <span class="for" data-for="=fx66"></span> + <span class="for" data-for="fx67"></span> + </p> + <p> + Click + <span class="for" data-for="not fx67"> + <span class="button">More Information</span> or + <span class="button">Advanced…</span>, depending on the error page, + </span> + <span class="for" data-for="fx67"> + <span class="button">Advanced…</span> on the error page</span + > + to view the error code. One of the following error codes will indicate + that the secure connection couldn't be established due to a + time-related error: + </p> + </div> + <div class="for" data-for="not fx66"> + <div class="note"> + <strong>Note:</strong> If you get a + <em>Your connection is not secure</em> error page, click the + <span class="button">Advanced</span> button to view the error code and + other details. A <em>Secure Connection Failed</em> error page may also + indicate a time-related error. + </div> + <p> + One of the following error codes will indicate that the secure + connection couldn't be established due to a time-related error: + </p> + </div> + <p> + <sub>SEC_ERROR_EXPIRED_CERTIFICATE</sub><br /> + <sub>SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE</sub><br /> + <sub>SEC_ERROR_OCSP_FUTURE_RESPONSE</sub><br /> + <sub>SEC_ERROR_OCSP_OLD_RESPONSE</sub><br /> + <sub>MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE</sub><br /> + <sub>MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE</sub> + </p> + <p> + The text on the error page will warn you when Firefox detects that your + system date and time is probably wrong and will also show the date and + time currently set in your system. If the clock settings are incorrect + you should set it to the right time<span class="for" data-for="win,mac"> + as explained below</span + >. Even if the displayed time settings seem to be correct, you should + make sure that the time zone settings of your system match your current + location. + </p> + <h1 id="w_set-your-system-clock-to-the-correct-time"> + Set your system clock to the correct time + </h1> + <p> + Time-related errors on secure websites caused by a skewed system clock + can be resolved by setting your correct date, time and time zone<span + class="for" + data-for="mac" + >:</span + ><span class="for" data-for="win,linux">.</span> + <span class="for" data-for="win"> + Change your date and time settings from the clock on the Windows + taskbar or follow these instructions:</span + > + </p> + <div class="for" data-for="win10"> + <h2>If your are on Windows 10:</h2> + <ol> + <li> + Click the Windows Start button or press the Windows key<span + class="key" + ></span + >. + </li> + <li>In the Start menu, select<span class="menu">Settings</span>.</li> + <li> + In Settings, select<span class="menu">Time & language</span>. + </li> + <li> + In the<span class="menu">Date & time</span> section you can + review the current date and time settings. To change your settings + click on <span class="button">Change</span> below + <span class="menu">Change date and time</span> or expand the + <span class="menu">Time zone</span> dropdown menu. + <div class="note"> + If your system is set to manage the time and time zone + automatically, you cannot make manual changes. + </div> + </li> + <li>If you are done with your changes, close the Settings window.</li> + </ol> + </div> + <div class="for" data-for="win8"> + <h2>If your are on Windows 8:</h2> + <ol> + <li> + From the Start Screen, click the <strong>Desktop</strong> tile. The + Desktop view will open. + </li> + <li> + From the Desktop, hover in the lower right-hand corner to access the + Charms. + </li> + <li> + Select <span class="menu">Control Panel</span> from the + <span class="menu">Settings</span> charm. The Control Panel window + will open. + <dl> + <dd></dd> + </dl> + </li> + <li> + In the Control Panel window, click on + <strong>Clock, Language, and Region</strong> and then + <strong>Date and Time</strong>. + </li> + <li> + The panel that opens shows the current date and time settings. To + change your settings click the + <span class="button">Change date and time</span> or + <span class="button">Change time zone</span> button. + </li> + <li>To confirm your changes click <span class="button">OK</span>.</li> + </ol> + </div> + <div class="for" data-for="win7"> + <h2>If your are on Windows 7:</h2> + <ol> + <li> + Click the Windows Start button or press the Windows key + <span class="key"></span>. + </li> + <li> + In the Start Menu, click <span class="menu">Control Panel</span>. + <dl> + <dd></dd> + </dl> + </li> + <li> + In the Control Panel window, click on + <strong>Clock, Language, and Region</strong> and then + <strong>Date and Time</strong>. + </li> + <li> + The panel that opens shows the current date and time settings. To + change your settings click the + <span class="button">Change date and time</span> or + <span class="button">Change time zone</span> button. + </li> + <li>To confirm your changes click <span class="button">OK</span>.</li> + </ol> + </div> + <div class="for" data-for="mac"> + <h2>If your are on Mac OS:</h2> + <ol> + <li> + Click the Apple menu and select + <span class="menu">System Preferences</span>. + </li> + <li> + In the System Preferences window, click on + <strong>Date & Time</strong>. + </li> + <li> + The panel that opens shows the current date and time settings. In + order to adjust them, disable + <span class="pref">Set date and time automatically</span>, manually + enter the date and time and click + <span class="button">Save</span> to confirm your changes. + </li> + <li> + In order to review your time zone settings, click on the + <strong>Time Zone</strong> tab. In order to adjust your time zone, + disable + <span class="pref" + >Set time zone automatically using current location</span + >, click onto your approximate location in the map and select the + city closest to you in the dropdown panel. + </li> + <li> + If you are done with your changes, close the Date & Time window. + </li> + </ol> + </div> + <div class="note"> + <strong>Note:</strong> If the clock on your device constantly resets + after you power it off, this might indicate that the battery cell that + runs the real-time clock is getting low or is empty. Please consult your + manufacturer's manual on how to replace the CMOS battery. + </div> + <h1 id="w_contact-the-website-owner">Contact the website owner</h1> + <p> + If you get a time related error on a secure website and you have already + checked the correct settings of your system’s clock, please contact the + owner of the website which you can’t access and inform them of the + problem. The website owner might need to renew the expired certificate, + for example. + </p> + <div class="for" data-for="not fx66"> + <h1 id="w_bypass-the-warning">Bypass the warning</h1> + <div class="warning"> + <strong>Warning:</strong> You should never bypass the warning for a + legitimate major website or sites where financial transactions take + place – in this case an invalid certificate can indicate that your + connection is compromised by a third party. + </div> + <p> + If you see a <em>Your connection is not secure</em> warning page and + the website allows it, you can add an exception to be able to visit + the site, despite the fact that the certificate is not trusted by + default: + </p> + <ol> + <li> + On the warning page, click <span class="button">Advanced</span>. + </li> + <li> + Click <span class="button">Add Exception…</span>. The + <em>Add Security Exception</em> dialog will appear. + </li> + <li> + Read the text describing the problems with the website. You can + click <span class="button">View…</span> + to closer inspect the untrusted certificate. + </li> + <li> + Click <span class="button">Confirm Security Exception</span> if you + are sure you want to trust the site. + </li> + </ol> + </div> + </div> + </body> +</html> |