not compatible with firefox 36.0.1 Rated 1 out of 5 stars
I can add domains to forcetls addon list but I cant remove them.
and adding and removing them has no effect on the permission page on page info.and enabling the permission in page info has no effect whatsoever on website trying to go to https version.
and the list is no longer populated with website that advertise the hsts and its max age.
so basically it doesn't work.
作者と連絡が取れないアドオン Rated 1 out of 5 stars
I am looking for the opposite plugin Rated 1 out of 5 stars
Hi, I am looking for the exact opposite of this plugin. I use Firefox 9 with TLS deliberately deactivated in about:config. I would prefer SSL1 to SSL2, and SSL2 to SSL3. Surely Firefox can do this in proper ascending, rather than descending order? Everyone seems to be getting it BACKWARDS.
Seems not working Rated 1 out of 5 stars
SSL Button not detecting https site version
Domain manualy added to SSL list keeps on http
Looking for working alternaive
Latest Firefox version
the site of Sid Stamm is not https!? O.o Rated 4 out of 5 stars
Difficulty opening the same site of Sid Stamm. I installed Force-TLS but when i click on the link of your site it does not open! =D
the site of Sid Stamm is not https!? O.o
adds the missing HSTS manager for firefox Rated 5 out of 5 stars
Great extension, adds a HSTS manager than Firefox lacks for some unknown reason (but Chrome has).
Bug Report: if a domain is added for forced SSL and then Firefox encounters a self-signed (untrusted) certificate, you cannot accept the certificate - it will go into an endless loop - until you remove the domain from ForceTLS and then accept the certificate
Wishlist: ability to easily see/save the difference between the pre-loaded HSTS that comes with newer Firefox and user-defined (or maybe permanent vs non-permanent) ala a search filter at the bottom of the list
ps. add HSTS to your tags for this extension
to help google: chrome://net-internals/#hsts for firefox
useful but avg user may not need it Rated 4 out of 5 stars
Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encrypytion to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" (eff.org) add-on except that the latter uses list maintained by the EFF rather than as self-identified by each site.
The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.
Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!
HTTPS-Everywhere on eff.org has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTPPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).
You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.
However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.
Rated 3 out of 5 stars
it'd be great to have an option to force non https connections too
i agree with Tommy Åsén because i have the same problem with some sites.
it is an awesome add-on but it just needs that one small problem fixed / sorted
so please i must ask you to update your add-on
try to show us it's full potential
love it, but would need a little thing Rated 4 out of 5 stars
It's great to be able to click links and always have the https version as some sites dont handle http well.
However i have one site where a subdomain is the exact oppiosite, https doesn't work at all so it'd be great to have an option to force non https connections too
Useful but incomplete addon Rated 4 out of 5 stars
Very useful to access secure sites otherwise blocked by my ISP.
Since this addon allows you to maintain a *list* of sites, it's obvious that users may need to export/import the addon's setting. Hence the 4 star.
Meanwhile for those who want to copy/backup the settings from one profile to another, do this:
- Start Run(Win+R), type "%appdata%\Mozilla\Firefox\Profiles" (w/ or w/o quotes) and hit Enter. Here you'll find your Firefox profile(s).
- Copy the 'permissions.sqlite' file from your profile directory to the new profile dir (or a backup directory)
Rated 5 out of 5 stars
Robert Vamosi reports in today's Windows Secrets newsletter that "Firefox 5 also automatically connects your browser to secure webpages (https) when they exist, eliminating the need for third-party, add-on apps such as Force-TLS and HTTPS Everywhere." Does Force-TLS add any value to Firefox 5?This review is for a previous version of the add-on (3.0.0).
import/export function Rated 5 out of 5 stars
By any chance can you please add an import/export function, so all you have to do for the next browser update would be just install the addon, then hit the import button which could, pop-up a normal explorer window, so that the user can pick their custom list. You may have to add a few allowed list extensions like .txt ; .doc; docx etc. Just an idea, if need help on doing that ask for help from Justin Scott (fligtar) https://addons.mozilla.org/en-US/firefox/user/9945/ he already added that to his addon.This review is for a previous version of the add-on (3.0.0).
Hi Taylor! Yes, many people are requesting the import/export function, but I don't have a whole lot of time to work on Force-TLS. If you're interested in helping code that feature, drop me a line at firstname.lastname@example.org and I'll point you to the docs and source code.
Rated 1 out of 5 stars
Shows that is will work for FF5 but does not work. Was using it with FF4 with no problems. It installs fine in FF5 but just does not work anymore.
Please update asap for FF5! Thanks!!
One more privacy and security tool! Rated 4 out of 5 stars
I put this one in my Apollo! Pack! collection because it is one more tool for us to help plug one more leak. Maybe FF4 has this built in but 4 is a disaster. I urge people to run 3.6 until they fix 4 or maybe when they release 5 they will get their act together. Till then this one fills a void.This review is for a previous version of the add-on (3.0.0).
Am i doing something wrong??? Rated 4 out of 5 stars
I have manually added "facebook.com" to the list but on returning to a previously httpS page its no longer https.This review is for a previous version of the add-on (3.0.0).
Rated 2 out of 5 stars
Why do you insist on breaking your own extension? For example, I just installed Force-TLS and noticed with glee and admiration that you finally included a site; eff.org. However you set it to expire in 32 days??? It's eff.org, man! If they go, we all go! Why would they ever expire for any reason, or any other site for that matter. I just don't have it in me to carefully monitor my whitelist everyday for arbitrary deletions, who does?This review is for a previous version of the add-on (3.0.0). This user has 3 previous reviews of this add-on.
Rated 4 out of 5 stars
Although from what I understood that FF4 should force the https on sites that does support it, it doesnt seem to be the case. The GUI is great for being able to force the site that you want. Though I'm a bit worried that there is no import/export functionality. I already have a list of 30 sites in, and wouldn't want and would be very annoyed if I have to do it again, or replicate it to my other laptops.
Kindly, give me us import/export, 4 star or else would have been 5 stars
working on it
Import/export functionality is something I'd like to add down the road... but I haven't had any time to implement it. If you'd like to work on it, send me an email (email@example.com) and I'll point you to the source code.
Not reliable (doesn't work always) Rated 1 out of 5 stars
This extension doesn't work always!I manually enabled Force-SSL for some sites, but extension secured only part of HTTP requests (not all of them). This was verified with proxy server (Fiddler).
I think developers of Force-TLS should do more testing, especially with forms (with non-HTTPS targets), 302 redirects and other non-standard situations.
Force-TLS uses a "redirect to https" mechanism that's imperfect, and I'm working to try and fix that for Firefox 3.6 and earlier -- it's not simple.
Firefox 4 and later have much better support for changing non-https connections to https ones, and if you install version 3 of Force-TLS you can have the UI but the add-on will use the far superior built-in HTTPS-forcing features of Firefox 4.
Please email specific issues to firstname.lastname@example.org and I'll try to fix them!
Good but, GUI could use some work. Rated 4 out of 5 stars
I've found the button for manually adding sites but, not for automatically launching them securely. It would be nice if there was a button in my status bar thing (the bottom panel in firefox) that would add/remove sites. Also, a universal always use HTTPS would be nice. There could then be a manual override or a blacklist type feature. Most sites I go to I really wouldn't mind the 2% overhead of knowing I'm a lot more secure.
For those that don't know: When you use https or any form of encryption for that matter there is a slight overhead (extra bandwidth) needed to send the encrypted data. This is because of two things:
1.) encrypted traffic is usually bigger than non-encrypted traffic.
2.) To enable the encryption a bit of data must first be sent back and forth so that using the magic of math both the server and your computer can learn to speak an encrypted language that no one else can understand. For more on this you could probably google cryptology.
Thanks for the review! If you've got thoughts on additional GUI features that would come in handy, please send an email to email@example.com and I'll take a look!
Rated 5 out of 5 stars
Great extension Sid. However I have some suggestions:
- Enabling the options button in the add-ons list so users will be able to remove the "Force TLS Configuration" tools menu entry if they want.
- Adding editing capabilities for each entry.
- Adding an option for creating and editing entries, which, for 2ndlevel.1stlevel , www.2ndlevel.1stlevel and www#.2ndlevel.1stlevel adresses, makes inherit the same setting than the adress entry containing 2ndlevel.1stlevel pair (or more levels) whatever the form the adress has, avoiding some potentially redudant duplicate entries.
- Adding import and export list buttons.
- Enabling Force-TLS to translate URLs to custom https URL, i.e., if I create an entry en.wikipedia.org , Force-TLS cannot translate it to its equivalent https://secure.wikimedia.org/wikipedia/en/wiki/
Thx in advance.
Thanks for the ideas
Hi strelnic. Thanks for the ideas! The next version of the add-on should have the options/preferences button enabled. I'm not sure why you'd want editing capabilities, since really you either force a site or not. Import/Export are a fine idea, and I'll try to get that into an upcoming version.
With respect to the site-rewriting rules, the Strict-Transport-Security specification doesn't provide for these, and this add-on is made for that spec. I probably won't be adding that functionality. HTTPS-Everywhere does this.