SSL Error: something wrong with Certificate Transparency policy

  • Today I found out that Opera no longer lets me access mail.ru. However, in other browsers on my OS everything works fine, so the certificate is OK.
    "The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy."
    But according to the Certificate Transparency report (https://www.google.com/transparencyreport/https/ct/) for this site, its cert is listed, so it should be trusted by Opera, but it isn't.
    What could be the problem?

  • I'm having the same issue with the Yahoo login, https://login.yahoo.com. I can log in using Firefox or Chrome, but Opera generates the message "The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy." and only lets me "Return to Safety". As above, the certificate for login.yahoo.com is listed.

  • It does the same thing when I try to go to the Amazon website. A bug maybe?

  • My only guess is that this has something to do with Opera's VPN feature, as I've been using the VPN when this notification was received. This is of concern to say the least, as it brings to mind SSL man-in-the-middle exploits.

    MY NEXT GUESS: This appears to be an issue with HSTS (HTTP Strict Transport Security).
    From Wikipedia: "HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol."

    It also seems that some users may tweak Opera settings regarding HSTS by going to opera://net-internals/#hsts, I suppose by adding some sort of exception as per: http://classically.me/blogs/how-clear-hsts-settings-major-browsers BUT...

    I get forwarded to a web search when I try to go to that blog post about clearing HSTS for specific domains, so perhaps it is a bug, or perhaps the customization page is only available in other Opera versions, like the one for Windows? EDIT: Now all of a sudden the link chrome://net-internals/#hsts IS working for me.

    Considering that the blog post was written in Feb 2014, it's strange that the issue would just be seen now, so I'm leaning towards bug.

  • And... here's a list of sites that are hardcoded to use HSTS. Theoretically, all these sites should give the problem and not pull up. mail.ru and amazon.com are included.
