You are not logged in.

#1 2021-02-09 18:51:09

damnbug
Member
Registered: 2012-09-18
Posts: 56

Tor Browser "connection not secure"

Although Tor Browser is not an official Arch Linux package (it's available on AUR), some official package upgrade affected it. The issue is that every encrypted clearnet website is shown as providing an "insecure connection" when the connection is actually encrypted, with some websites not loading correctly or not loading at all.

More information available here:

https://gitlab.torproject.org/tpo/appli … sues/40328

https://old.reddit.com/r/TOR/comments/l … onnection/

https://aur.archlinux.org/packages/tor-browser/

Last edited by damnbug (2021-02-09 18:53:59)

Offline

#2 2021-02-09 20:33:12

loqs
Member
Registered: 2014-03-06
Posts: 12,987

Re: Tor Browser "connection not secure"

Do you use firejail or linux-lts? https://bbs.archlinux.org/viewtopic.php?id=263376

Last edited by loqs (2021-02-09 20:35:08)

Offline

#3 2021-02-10 02:49:06

damnbug
Member
Registered: 2012-09-18
Posts: 56

Re: Tor Browser "connection not secure"

loqs wrote:

Do you use firejail or linux-lts? https://bbs.archlinux.org/viewtopic.php?id=263376

No, but I think I've found the culprit.

After downgrading glibc (2.33-3 -> 2.32-4) and lib32-glibc (2.33-3 -> 2.32-4) - DON'T DOWNGRADE THESE PACKAGES -, the issue was gone from Tor Browser. But then I had to boot Arch Linux live CD to upgrade the two packages to fix the system.

So yeah, it seems to be an issue related to glibc.

Offline

#4 2021-02-10 02:58:43

loqs
Member
Registered: 2014-03-06
Posts: 12,987

Re: Tor Browser "connection not secure"

If you are not using linux-lts or firejail that eliminates the known issues with the glibc update.
Edit:
Does https://aur.archlinux.org/packages/firefox-esr-bin/ also have the issue?  I believe Tor Browser uses firefox ESR as its base.

Last edited by loqs (2021-02-10 03:18:15)

Offline

#5 2021-02-10 03:18:25

damnbug
Member
Registered: 2012-09-18
Posts: 56

Re: Tor Browser "connection not secure"

Installed packages:

linux 5.10.14-arch1-1

linux-api-headers 5.10.13-1

glibc 2.33-3

lib32-glib 2.33-3

gcc 10.2.0-6

gcc-libs 10.2.0-6

Edit: I haven't tried Firefox ESR, but that shouldn't be the problem, as downgrading glibc and lib32-glibc (don't do this) solved the problem in Tor Browser.

Last edited by damnbug (2021-02-10 03:22:07)

Offline

#6 2021-02-10 03:59:02

loqs
Member
Registered: 2014-03-06
Posts: 12,987

Re: Tor Browser "connection not secure"

I suggest testing Firefox ESR to see if it is a patch or build option specific to Tor Browser.
https://gitlab.torproject.org/tpo/appli … te_2725046 reports the issue is not present using Firefox ESR.
https://old.reddit.com/r/TOR/comments/l … n/gmkl8tk/ reports the issue is not present using the alpha release of Tor Browser.
A patch or build option that is used for the current release but not the alpha release?
Edit:
If you reduce the level of security.sandbox.content.level in tor browser does that have any effect?  (May need a restart)

Last edited by loqs (2021-02-10 16:19:39)

Offline

#7 2021-02-10 17:39:34

damnbug
Member
Registered: 2012-09-18
Posts: 56

Re: Tor Browser "connection not secure"

security.sandbox.content.level doesn't affect it.

Offline

#8 2021-02-10 18:05:46

loqs
Member
Registered: 2014-03-06
Posts: 12,987

Re: Tor Browser "connection not secure"

Anything in browser console (Ctrl + Shift + J)?  You could also try https://aur.archlinux.org/packages/glibc-linux4/ which removes use of newer kernel calls from glibc,  see package comments for possible incompatibility.
Or wait for the Tor Browser team to resolve the issue.  Possibly ask them to reproduce the issue in a VM running Arch. (VM ensures using the Arch provided kernel and avoids issues with glibc 2.33 and containers)
Edit:
Can you try glibc 2.33-2 https://archive.archlinux.org/packages/g/glibc/ and lib32-glibc 2.33-2 https://archive.archlinux.org/packages/l/lib32-glibc/
for https://gitlab.torproject.org/tpo/appli … te_2725462

I believe The 2.33-1 packages were broken due to a bad tool chain update requiring the -2 release.  You could try them anyway but be ready for an un-bootable system.

Last edited by loqs (2021-02-10 22:30:44)

Offline

#9 2021-02-11 00:30:29

damnbug
Member
Registered: 2012-09-18
Posts: 56

Re: Tor Browser "connection not secure"

It's fixed in version 10.5a8.

I'm not in the mood to break the system on purpose. I'll just use Alpha version in the meanwhile.

Offline

#10 2021-02-11 00:53:01

loqs
Member
Registered: 2014-03-06
Posts: 12,987

Re: Tor Browser "connection not secure"

Do you want to mark the thread [SOLVED]?

Offline

Board footer

Powered by FluxBB