New
#1
How do I disable HSTS in Firefox ESR?
I have Firefox ESR 45.4.0 running on a laptop with Windows 7 Enterprise.
Since installing security updates two days ago, Firefox has been unable to access certain sites, mostly notably Google and YouTube. It complains that the connection is insecure and gives an SEC_ERROR_UNKNOWN_ISSUER error code. There is no option to add an exception. I can still access those websites normally using Internet Explorer.
From what I gather, this is due to HSTS enforcement. I've tried several workarounds, none of which have helped:
- Disabled the "Query OCSP responder servers to confirm the current validity of certificates" option
- Disabled HSTS by creating a variable test.currentTimeOffsetSeconds with a value of 11491200
- Disabled TLS by changing security.tls.version.min to 0
- Refreshed Firefox
- Imported updated certificates provided by my company
- Changed the system time to a date before the issue started occurring (only worked for one site)
I'm sure the solution is very simple, but I can't figure it out for the life of me. Anyone know what I'm doing wrong?
For the record, the problem only occurs when I'm connected to our corporate network. There are no issues if I use any other Wi-Fi connection.