Am i doing something wrong??? Rated 4 out of 5 stars

I have manually added "facebook.com" to the list but on returning to a previously httpS page its no longer https.

This review is for a previous version of the add-on (3.0.0.1-signed.1-signed). 

Rated 2 out of 5 stars

Why do you insist on breaking your own extension? For example, I just installed Force-TLS and noticed with glee and admiration that you finally included a site; eff.org. However you set it to expire in 32 days??? It's eff.org, man! If they go, we all go! Why would they ever expire for any reason, or any other site for that matter. I just don't have it in me to carefully monitor my whitelist everyday for arbitrary deletions, who does?

This review is for a previous version of the add-on (3.0.0.1-signed.1-signed).  This user has 3 previous reviews of this add-on.

Rated 4 out of 5 stars

Although from what I understood that FF4 should force the https on sites that does support it, it doesnt seem to be the case. The GUI is great for being able to force the site that you want. Though I'm a bit worried that there is no import/export functionality. I already have a list of 30 sites in, and wouldn't want and would be very annoyed if I have to do it again, or replicate it to my other laptops.
Kindly, give me us import/export, 4 star or else would have been 5 stars

This review is for a previous version of the add-on (3.0.0.1-signed.1-signed). 

working on it

Import/export functionality is something I'd like to add down the road... but I haven't had any time to implement it. If you'd like to work on it, send me an email (forcetls@sidstamm.com) and I'll point you to the source code.

Not reliable (doesn't work always) Rated 1 out of 5 stars

This extension doesn't work always!I manually enabled Force-SSL for some sites, but extension secured only part of HTTP requests (not all of them). This was verified with proxy server (Fiddler).
I think developers of Force-TLS should do more testing, especially with forms (with non-HTTPS targets), 302 redirects and other non-standard situations.

This review is for a previous version of the add-on (2.0). 

Force-TLS uses a "redirect to https" mechanism that's imperfect, and I'm working to try and fix that for Firefox 3.6 and earlier -- it's not simple.

Firefox 4 and later have much better support for changing non-https connections to https ones, and if you install version 3 of Force-TLS you can have the UI but the add-on will use the far superior built-in HTTPS-forcing features of Firefox 4.

Please email specific issues to forcetls@sidstamm.com and I'll try to fix them!

Good but, GUI could use some work. Rated 4 out of 5 stars

I've found the button for manually adding sites but, not for automatically launching them securely. It would be nice if there was a button in my status bar thing (the bottom panel in firefox) that would add/remove sites. Also, a universal always use HTTPS would be nice. There could then be a manual override or a blacklist type feature. Most sites I go to I really wouldn't mind the 2% overhead of knowing I'm a lot more secure.

For those that don't know: When you use https or any form of encryption for that matter there is a slight overhead (extra bandwidth) needed to send the encrypted data. This is because of two things:
1.) encrypted traffic is usually bigger than non-encrypted traffic.
2.) To enable the encryption a bit of data must first be sent back and forth so that using the magic of math both the server and your computer can learn to speak an encrypted language that no one else can understand. For more on this you could probably google cryptology.

This review is for a previous version of the add-on (2.0). 

thanks!

Thanks for the review! If you've got thoughts on additional GUI features that would come in handy, please send an email to forcetls@sidstamm.com and I'll take a look!

Rated 5 out of 5 stars

Great extension Sid. However I have some suggestions:
- Enabling the options button in the add-ons list so users will be able to remove the "Force TLS Configuration" tools menu entry if they want.
- Adding editing capabilities for each entry.
- Adding an option for creating and editing entries, which, for 2ndlevel.1stlevel , www.2ndlevel.1stlevel and www#.2ndlevel.1stlevel adresses, makes inherit the same setting than the adress entry containing 2ndlevel.1stlevel pair (or more levels) whatever the form the adress has, avoiding some potentially redudant duplicate entries.
- Adding import and export list buttons.
- Enabling Force-TLS to translate URLs to custom https URL, i.e., if I create an entry en.wikipedia.org , Force-TLS cannot translate it to its equivalent https://secure.wikimedia.org/wikipedia/en/wiki/

Thx in advance.

This review is for a previous version of the add-on (2.0). 

Thanks for the ideas

Hi strelnic. Thanks for the ideas! The next version of the add-on should have the options/preferences button enabled. I'm not sure why you'd want editing capabilities, since really you either force a site or not. Import/Export are a fine idea, and I'll try to get that into an upcoming version.

With respect to the site-rewriting rules, the Strict-Transport-Security specification doesn't provide for these, and this add-on is made for that spec. I probably won't be adding that functionality. HTTPS-Everywhere does this.

Cannot add addresses in Configuration Rated 5 out of 5 stars

I am giving 5 to this provided my problem below can be solved.

I may be having the same problem as FourTwoOmega. When I key in a webpage to add to the list it disappears as soon as I press 'Add Site' and nothing gets added. I have tried with several different addresses. Could there be a conflict with another add-on or do I need to change any settings in Firefox?

This review is for a previous version of the add-on (2.0). 

Can't add addresses?

This could be a conflict with another add-on, but is likely a corrupt profile. Try creating a new, clean profile and installing only Force-TLS. If it works, then migrate your bookmarks and stuff over and start installing other add-ons.

http://support.mozilla.com/en-US/kb/Basic+Troubleshooting?#Make_a_new_profile

Rated 4 out of 5 stars

Works very well although I have encountered two issues. 1st it blocks facebook chat, one of the only features I use on that site. 2nd it crashes aol. Yea I know aol is obsolete but it is one of my oldest accounts and I still use it to communicate with family and have saved information i still use frequently.I wish i could figure a way around these issues because this extension is great especially now with the firesheep threat.

This review is for a previous version of the add-on (2.0). 

Please Update Rated 3 out of 5 stars

Please Update it for Firefox 4.0b6

This review is for a previous version of the add-on (2.0). 

Force-TLS in Firefox 4

Hi TBABlackPanther. Firefox 4.0 already has most of Force-TLS built in as a feature called Strict-Transport-Security.

Version 3 of Force-TLS will work in firefox 4!

Seems OK Rated 4 out of 5 stars

@rroberto
This place are for Firefox not for other browsers.
If you looking for a plugin for Chrome look for this one
KB SSL Enforcer

Have just installed ForceTLS. So far there is no problem to use it

This review is for a previous version of the add-on (2.0). 

Rated 4 out of 5 stars

Force-TLS is definitely a good thing to have installed, especially now with things like Firesheep available to just anyone.

The only problem I'm having with it is that I can't add any sites manually; no matter what I enter for an address in the configuration window, nothing gets added, and the site still uses http by default (although stdout makes it appear that everything went fine).

This review is for a previous version of the add-on (2.0). 

Rated 3 out of 5 stars

Installation: What's up with being on this site yet getting two download warnings not to trust the source? Both can't be accurate.

Other versions? Like one for IE8 and/or Chrome ?

This review is for a previous version of the add-on (2.0). 

Great when it works Rated 4 out of 5 stars

This worked great with 3.6, but not 4.0b6. Any ETA for support? Thanks!

This review is for a previous version of the add-on (2.0). 

Hi dsrw,
Most of ForceTLS is already built into Firefox 4! To get the UI bits, you want to use the STS-UI add-on: https://addons.mozilla.org/en-US/firefox/addon/246797/

Can't get Amazon to work. Rated 4 out of 5 stars

Got Facebook to work with no problems so far, got Google to work with a bit of effort as well. However, adding amazon.com presents a "This Connection is Untrusted" message.I shouldn't even have to add Amazon because you'd think a shopping site would use a secure connection.I also agree with the others that a list should be added.

This review is for a previous version of the add-on (2.0). 

Hi Jesuszilla, Not all sites are configured properly for completely secure access. ForceTLS may break sites if you add them to the list yourself.

Blocks profile picture in Facebook Rated 3 out of 5 stars

I installed this and added a few sites to the list. After adding www.facebook.com, my profile picture no longer shows up on my profile or on any of my posts. After removing Facebook from the list, the picture shows up fine.

This review is for a previous version of the add-on (2.0). 

Hi Paul,

You should try adding facebook.com (instead of "www.facebook.com"), and tick the "include subdomains" check box too. Hopefully this will help. Facebook doesn't serve all of its content from one domain, so there might be some strange behaviors when using ForceTLS with the site. I tried it myself, and Facebook seemed to work fine, but send an email to the contact for this add-on if you want some help troubleshooting.

Rated 5 out of 5 stars

Thanks, all Vietnamese ISPs suddenly block Facebook w/o further notice or reasons, and even OpenDNS can't bypass. Thanks for your add-on, we again can experience media's freedom.

This review is for a previous version of the add-on (2.0). 

Rated 5 out of 5 stars

Great add-on! Two of my webmail accounts were not secure (and one from my ISP!), so this helps out a lot. And like gishpuppy, my paranoia is subsiding! Thanks Sid for the add-on and your outstanding support (I had a minor problem he helped me resolve in a timely and very customer-friendly way)!

This review is for a previous version of the add-on (2.0). 

Rated 5 out of 5 stars

You rock. This should be mainstreamed now.

This review is for a previous version of the add-on (2.0). 

Rated 4 out of 5 stars

I report a problem. When I forced some Google services e.g. Google reader, calendar, to use SSL.
https://www.google.com/reader
https://www.google.com/calendar
it shows as *.www.google.com and the search function in the quick search doesn't work any more. i.e. if you type the key words in the search and press enter but no results showed.

This review is for a previous version of the add-on (2.0). 

Rated 5 out of 5 stars

no longer works with 3.7a2pre don't forces sites to https for me any longer :( now im unsecure

This review is for a previous version of the add-on (2.0).