Can Firefox add-ons access information in the SSL/TLS handshake?

I’ve been searching through the API documentation all day, but haven’t been able to find anything that gives access to information contained in the SSL/TLS handshake (such as the modulus value provided by the server). Everything I can see is for accessing the HTTP headers after the handshake is already completed.

Is this possible to do with add-ons in Firefox? I realize I can get the modulus prime value by querying the server with OpenSSL in a separate request, but I want to see which prime value the Firefox HTTPS requests are receiving each time requests are made.

2 Likes

That sounds like it’s too low-level to be exposed by any XPCOM API.

I came across an add-on that mentioned TLS. You might find it interesting, although it's not really an answer to your topic: https://addons.mozilla.org/en-US/firefox/addon/moonlight-tls-control/

That’s what I was worried about … I’m thinking the only option would be to watch the traffic from outside of Firefox and pipe the info into the plugin somehow.

Do you know of any other option to pull this off from within Firefox, without needing to write external software?

Nothing comes to mind.

More about custom TLS (not necessarily HTTPS):
Can we make a TLS connection with different verification settings without affecting global settings?

  • Possible case 1: Ignore any verification errors for a certain connection (because no authenticity is assumed)
  • Possible case 2: Require the server certificate to match a certain fingerprint for a connection. But it is not in the trust store (nor should it be)
  • Possible case 3: Require the server certificate to be signed with a certain certificate for a connection. But it is not necessarily in the trust store.

Also, can we get the server certificate from a TLS connection? It may not be for HTTPS. We sometimes want to use raw connections, especially to implement TLS’d protocols. What API can we use? Of course, WebSockets are not always usable. We’re tired of binary components or js-ctypes.
Hint: we’re planning a new add-on – it will be amazing, I promise!

EDIT

  • HTTPS Everywhere seems to use js-ctypes just for SSL Observatory.
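For HTTPS requests, the question of reading the server certificate and enforcing a fingerprint (case 2 above) can be sketched with the WebExtensions `webRequest.getSecurityInfo()` API. This is an added example, not code from any poster in this thread; the host `pinned.example` and the fingerprint are constructed placeholders. It pins on top of Firefox's normal validation, so it does not cover certificates outside the trust store or raw non-HTTP TLS connections.

```javascript
// Constructed pin table: host -> SHA-256 fingerprint of the expected leaf
// certificate. Both the host and the fingerprint are placeholders.
const PINS = new Map([["pinned.example", Array(32).fill("AB").join(":")]]);

// Reduce "AB:CD:..." or "abcd..." to bare lowercase hex so formats compare equal.
function normalizeFingerprint(fp) {
  return String(fp).replace(/[^0-9a-fA-F]/g, "").toLowerCase();
}

// Summarise the handshake parameters Firefox negotiated for this request.
function describeHandshake(info) {
  const { protocolVersion, cipherSuite, keaGroupName } = info;
  return { protocolVersion, cipherSuite, keaGroupName };
}

// Decide what to do with one response, given the SecurityInfo object that
// getSecurityInfo() resolves to. Returns a BlockingResponse; fails closed.
function pinDecision(host, info, pins = PINS) {
  if (!pins.has(host)) return {};                    // unpinned host: leave alone
  if (info.state !== "secure") return { cancel: true };
  const leaf = info.certificates && info.certificates[0];
  if (!leaf || !leaf.fingerprint) return { cancel: true };
  const seen = normalizeFingerprint(leaf.fingerprint.sha256);
  const want = normalizeFingerprint(pins.get(host));
  return seen.length === 64 && seen === want ? {} : { cancel: true };
}

// Registration only runs inside an extension that holds the "webRequest" and
// "webRequestBlocking" permissions plus host access for the pinned site.
if (typeof browser !== "undefined") {
  browser.webRequest.onHeadersReceived.addListener(
    async (details) => {
      // getSecurityInfo() is only valid inside a blocking onHeadersReceived listener.
      const info = await browser.webRequest.getSecurityInfo(details.requestId, {});
      console.log(details.url, describeHandshake(info));
      return pinDecision(new URL(details.url).hostname, info);
    },
    { urls: ["https://pinned.example/*"] },
    ["blocking"]
  );
}
```

Because the check runs per request, a mismatch cancels only that response and leaves global trust settings untouched.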

Hello, please help. I will buy a Comodo SSL certificate from xeroxhost, and I contacted support and he installed my SSL, but when I go to Mozilla Firefox and open my website www.example.com it does not show my SSL green bar, and when I go to https://example.com it shows the green bar.
How can I always show my website's SSL secure green bar?