cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

SSL connection problem

Confusedssl
2: Seeker
2: Seeker

I am getting an error when trying to access a specific website that the connection is not secure. When I look at the SSL chain, the certificate root is Vodafone's Internal Root CA. What's going on? I spoke to Helpdesk who asked me to reboot my router and disabled my content controls, neither of which address the problem

8 REPLIES 8

Confusedssl
2: Seeker
2: Seeker

I posted this previously with screenshots but it was blocked for spam *sigh*

The website I am trying to access is rt-dot-com and the ssl cert is from iwf-dot-internal-dot-vodafone-dot-co-dot-uk

IWF = Internet Watch Foundation which is meant to be about preventing access to child abuse. Why is this being issued again RT-dot-com

Trying to access rt.com on my phone and getting message ssl cert is not valid. Looking at details Vodafone have intercepted and issued their own certificate. Worryingly, the cert namespace suggests it's for IWF, Internet Watch Foundation.

 

What's going on here? Why are Vodafone inserting themselves into my ssl connections?

Screenshot_20220512-123625_Samsung Internet.jpg

Jayach
16: Advanced member
16: Advanced member

Why would you want to access a site that contains nothing but lies and propaganda?

Jayach_0-1652366493753.png

 

The issue at hand isn't the website, the issue is Vodafone intercepting the request AND issuing their own SSL certificate which completely breaks the connection. The certificate is invalid since the root CA is Vodafone Internal.

 

Surely this can't be intentional? If they wanted to block rt-dot-com, there are other ways to do it at a DNS or network level. 

Jayach
16: Advanced member
16: Advanced member

@Confusedssl wrote:

Surely this can't be intentional? If they wanted to block rt-dot-com, there are other ways to do it at a DNS or network level. 


I can't imagine it happening accidentally.

CrimsonLiar
16: Advanced member
16: Advanced member

A number of Russian propaganda sites are no longer viewable from the UK.  It's mostly caused by certificates being revoked by issuers.  It's a combination of trade sanctions and private companies no longer wishing to deal with Russian businesses.

@CrimsonLiar do you have anything to support your assertion "It's mostly caused by certificates being revoked by issuers."? Other blocked websites don't exhibit this behaviour 

 

@This is how I see it in my browser. If this is intentional, it is very slopp

Screenshot_20220512-212451_Gallery.jpg

Screenshot_20220512-212634_Gallery.jpg

See https://www.consilium.europa.eu/en/policies/sanctions/restrictive-measures-against-russia-over-ukrai... for an explanation of sanctions so far imposed - which include not only RT TV, but also blocking its internet presence

 

It is possible for individuals with a modicum of expertise to circumvent the blocks, but that is down to the individual and not something that I am prepared to discuss or promote beyond that it is possible and that there could potentially be consequences for sanctions-busting.