Firefox will launch a new solution to completely resolve HTTPS connection
In the past few months, Firefox has repeatedly experienced compatibility with anti-virus software, which can cause HTTPS sites to crash randomly. Currently, some anti-virus software will automatically install the certificate to hijack HTTPS traffic and then decrypt it to determine if the website is a malicious website. Although this approach seems to be hijacking, anti-virus software is more reliable for some primary users, so the industry does not object to this kind of bona fide hijacking.
Users who use Firefox as the main browser should know Firefox’s own certificate system, so it is not called the digital certificate library pre-installed by the operating system. The anti-virus software directly inserts the self-signed certificate into the system certificate library, so that the encrypted traffic can be directly decrypted when the user browses the website. However, anti-virus software cannot decrypt the encrypted traffic of Firefox because anti-virus software cannot directly insert its self-signed certificate into Firefox. This is also the reason why Firefox browser has repeated compatibility problems with AVAST and AVG in the past six months. After all, it is the problem caused by the HTTPS certificate.
Although Firefox has repeatedly fixed this issue in several versions in the past, however, this problem has not been completely resolved, it will still happen. This creates a very bad experience for the user, so the Firefox team decided to start with the next version and by default enable some advanced settings for the browser. After this advanced setting is enabled, Firefox will automatically import the operating system certificate library to import the anti-virus software’s self-signed certificate into conflict resolution. In fact, the above problems only affect AVG/AVAST two anti-virus software, but importing the operating system certificate library is a security reduction for Firefox. The purpose of Firefox’s self-built certificate library is to control the certificate library to quickly solve security problems.