useful but avg user may not need it Rated 4 out of 5 stars
Firefox already respects Strict-Transport-Security, maintaining an internal list of sites that declare that the browser should always use https to access them. This prevents someone from spoofing as this site (man in the middle) but with plain HTTP. It also has the added benefit of simply forcing encryption to protect your data in case you tried to visit the plain HTTP site (particularly from a public/open hotspot) -- much like the Electronic Frontier Foundation's "HTTPS-everywhere" (eff.org) add-on except that the latter uses a list maintained by the EFF rather than as self-identified by each site.
The benefit of the Force TLS add-on is that it provides a nice GUI for displaying and modifying Firefox's list of STS sites -- although the usefulness of this is limited by the limited number of sites that set a Strict Transport Security header.
Also, one can easily add a site in the GUI, whereas HTTPS-Everywhere requires hand-editing arcane xml for the user to add a new site!
HTTPS-Everywhere on eff.org has the sizable aforementioned list of sites that *can* use HTTPS in place of HTTP, even if the sites don't themselves request that the browser always do so. I guess HTTPS-Everywhere can use more flexible rules, but again at the price of requiring you to write XML to define each of them. Also HTTPS-Everywhere provides a button showing any entries for the current site and the ability to disable/enable these entries (but not add a new one).
You might try using *both* of these add-ons together. Perhaps, in the future, one of these add-ons could provide the benefits of both.
However, this addon may not be needed by an avg user who doesn't want to know what's going on at this level of detail. For him/her, the HTTPS Finder addon might be a better choice, perhaps in combination with HTTPS Everywhere. HTTPS Finder tests whether the present HTTP site has an HTTPS version having the same URI, and offers to switch you to it.
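An added example, not part of the review or of Force-TLS's own code: the Strict-Transport-Security host list described above, modelled in JavaScript, including the `max-age` expiry and `includeSubDomains` matching. The class name, method names and sample hosts are assumptions made for the illustration.

```javascript
// Added example: a minimal HSTS (RFC 6797) host list. All names are illustrative.
class HstsStore {
  constructor() { this.policies = new Map(); } // host -> {expires, includeSubDomains}
  // Parse a Strict-Transport-Security header value; null if it is invalid.
  static parse(value) {
    let maxAge = null, includeSubDomains = false;
    for (const part of value.split(';')) {
      const [rawName, ...rest] = part.trim().split('=');
      const name = rawName.trim().toLowerCase(); // directive names are case-insensitive
      if (name === 'max-age') {
        if (maxAge !== null) return null; // a directive may appear only once
        const v = rest.join('=').trim().replace(/^"(.*)"$/, '$1');
        if (!/^\d+$/.test(v)) return null;
        maxAge = Number(v);
      } else if (name === 'includesubdomains') {
        includeSubDomains = true;
      } // unrecognised directives are ignored
    }
    return maxAge === null ? null : { maxAge, includeSubDomains };
  }

  // Record a response header; ones seen over plain HTTP are ignored (a MITM could forge them).
  noteHeader(url, headerValue, nowMs) {
    const u = new URL(url);
    const policy = u.protocol === 'https:' ? HstsStore.parse(headerValue) : null;
    if (!policy) return false;
    if (policy.maxAge === 0) this.policies.delete(u.hostname); // max-age=0 clears the entry
    else this.policies.set(u.hostname, { ...policy, expires: nowMs + policy.maxAge * 1000 });
    return true;
  }

  // Exact host match, or a parent domain whose entry has includeSubDomains.
  isKnownHost(hostname, nowMs) {
    const labels = hostname.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const p = this.policies.get(labels.slice(i).join('.'));
      if (p && p.expires > nowMs && (i === 0 || p.includeSubDomains)) return true;
    }
    return false;
  }

  // Rewrite an http:// URL to https:// before any request is sent.
  upgrade(url, nowMs) {
    const u = new URL(url);
    if (u.protocol !== 'http:' || !this.isKnownHost(u.hostname, nowMs)) return url;
    u.protocol = 'https:';
    return u.href;
  }
}
```

Once an entry's `max-age` has elapsed the host falls back to plain HTTP until the site sends the header again over HTTPS.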
Rated 3 out of 5 stars
it'd be great to have an option to force non https connections too
I agree with Tommy Åsén because I have the same problem with some sites.
it is an awesome add-on but it just needs that one small problem fixed / sorted
so please I must ask you to update your add-on
try to show us its full potential
love it, but would need a little thing Rated 4 out of 5 stars
It's great to be able to click links and always have the https version as some sites don't handle http well.
However I have one site where a subdomain is the exact opposite, https doesn't work at all so it'd be great to have an option to force non https connections too
Useful but incomplete addon Rated 4 out of 5 stars
Very useful to access secure sites otherwise blocked by my ISP.
Since this addon allows you to maintain a *list* of sites, it's obvious that users may need to export/import the addon's setting. Hence the 4 star.
Meanwhile for those who want to copy/backup the settings from one profile to another, do this:
- Start Run(Win+R), type "%appdata%\Mozilla\Firefox\Profiles" (w/ or w/o quotes) and hit Enter. Here you'll find your Firefox profile(s).
- Copy the 'permissions.sqlite' file from your profile directory to the new profile dir (or a backup directory)
Rated 5 out of 5 stars
Robert Vamosi reports in today's Windows Secrets newsletter that "Firefox 5 also automatically connects your browser to secure webpages (https) when they exist, eliminating the need for third-party, add-on apps such as Force-TLS and HTTPS Everywhere." Does Force-TLS add any value to Firefox 5?
This review is for a previous version of the add-on (3.0.0).
import/export function Rated 5 out of 5 stars
By any chance can you please add an import/export function, so all you have to do for the next browser update would be just install the addon, then hit the import button, which could pop up a normal explorer window, so that the user can pick their custom list. You may have to add a few allowed list extensions like .txt ; .doc; docx etc. Just an idea, if you need help on doing that ask for help from Justin Scott (fligtar) https://addons.mozilla.org/en-US/firefox/user/9945/ he already added that to his addon.
This review is for a previous version of the add-on (3.0.0).
Hi Taylor! Yes, many people are requesting the import/export function, but I don't have a whole lot of time to work on Force-TLS. If you're interested in helping code that feature, drop me a line at firstname.lastname@example.org and I'll point you to the docs and source code.
Rated 1 out of 5 stars
Shows that it will work for FF5 but does not work. Was using it with FF4 with no problems. It installs fine in FF5 but just does not work anymore.
Please update asap for FF5! Thanks!!
One more privacy and security tool! Rated 4 out of 5 stars
I put this one in my Apollo! Pack! collection because it is one more tool for us to help plug one more leak. Maybe FF4 has this built in but 4 is a disaster. I urge people to run 3.6 until they fix 4 or maybe when they release 5 they will get their act together. Till then this one fills a void.
This review is for a previous version of the add-on (3.0.0).
Am I doing something wrong??? Rated 4 out of 5 stars
I have manually added "facebook.com" to the list but on returning to a previously httpS page it's no longer https.
This review is for a previous version of the add-on (3.0.0).
Rated 2 out of 5 stars
Why do you insist on breaking your own extension? For example, I just installed Force-TLS and noticed with glee and admiration that you finally included a site; eff.org. However you set it to expire in 32 days??? It's eff.org, man! If they go, we all go! Why would they ever expire for any reason, or any other site for that matter. I just don't have it in me to carefully monitor my whitelist every day for arbitrary deletions, who does?
This review is for a previous version of the add-on (3.0.0). This user has 3 previous reviews of this add-on.
Rated 4 out of 5 stars
Although from what I understood FF4 should force https on sites that do support it, it doesn't seem to be the case. The GUI is great for being able to force the site that you want. Though I'm a bit worried that there is no import/export functionality. I already have a list of 30 sites in, and would be very annoyed if I have to do it again, or replicate it to my other laptops.
Kindly give us import/export, 4 stars, or else it would have been 5 stars
working on it
Import/export functionality is something I'd like to add down the road... but I haven't had any time to implement it. If you'd like to work on it, send me an email (email@example.com) and I'll point you to the source code.
Not reliable (doesn't work always) Rated 1 out of 5 stars
This extension doesn't work always! I manually enabled Force-SSL for some sites, but the extension secured only part of the HTTP requests (not all of them). This was verified with a proxy server (Fiddler).
I think developers of Force-TLS should do more testing, especially with forms (with non-HTTPS targets), 302 redirects and other non-standard situations.
Force-TLS uses a "redirect to https" mechanism that's imperfect, and I'm working to try and fix that for Firefox 3.6 and earlier -- it's not simple.
Firefox 4 and later have much better support for changing non-https connections to https ones, and if you install version 3 of Force-TLS you can have the UI but the add-on will use the far superior built-in HTTPS-forcing features of Firefox 4.
Please email specific issues to firstname.lastname@example.org and I'll try to fix them!
Good but, GUI could use some work. Rated 4 out of 5 stars
I've found the button for manually adding sites but, not for automatically launching them securely. It would be nice if there was a button in my status bar thing (the bottom panel in firefox) that would add/remove sites. Also, a universal always use HTTPS would be nice. There could then be a manual override or a blacklist type feature. Most sites I go to I really wouldn't mind the 2% overhead of knowing I'm a lot more secure.
For those that don't know: When you use https or any form of encryption for that matter there is a slight overhead (extra bandwidth) needed to send the encrypted data. This is because of two things:
1.) encrypted traffic is usually bigger than non-encrypted traffic.
2.) To enable the encryption a bit of data must first be sent back and forth so that using the magic of math both the server and your computer can learn to speak an encrypted language that no one else can understand. For more on this you could probably google cryptology.
Thanks for the review! If you've got thoughts on additional GUI features that would come in handy, please send an email to email@example.com and I'll take a look!
Rated 5 out of 5 stars
Great extension Sid. However I have some suggestions:
- Enabling the options button in the add-ons list so users will be able to remove the "Force TLS Configuration" tools menu entry if they want.
- Adding editing capabilities for each entry.
- Adding an option for creating and editing entries, which, for 2ndlevel.1stlevel , www.2ndlevel.1stlevel and www#.2ndlevel.1stlevel addresses, makes them inherit the same setting as the address entry containing the 2ndlevel.1stlevel pair (or more levels) whatever form the address has, avoiding some potentially redundant duplicate entries.
- Adding import and export list buttons.
- Enabling Force-TLS to translate URLs to custom https URL, i.e., if I create an entry en.wikipedia.org , Force-TLS cannot translate it to its equivalent https://secure.wikimedia.org/wikipedia/en/wiki/
Thx in advance.
Thanks for the ideas
Hi strelnic. Thanks for the ideas! The next version of the add-on should have the options/preferences button enabled. I'm not sure why you'd want editing capabilities, since really you either force a site or not. Import/Export are a fine idea, and I'll try to get that into an upcoming version.
With respect to the site-rewriting rules, the Strict-Transport-Security specification doesn't provide for these, and this add-on is made for that spec. I probably won't be adding that functionality. HTTPS-Everywhere does this.
Cannot add addresses in Configuration Rated 5 out of 5 stars
I am giving 5 to this provided my problem below can be solved.
I may be having the same problem as FourTwoOmega. When I key in a webpage to add to the list it disappears as soon as I press 'Add Site' and nothing gets added. I have tried with several different addresses. Could there be a conflict with another add-on or do I need to change any settings in Firefox?
Can't add addresses?
This could be a conflict with another add-on, but is likely a corrupt profile. Try creating a new, clean profile and installing only Force-TLS. If it works, then migrate your bookmarks and stuff over and start installing other add-ons.
Rated 4 out of 5 stars
Works very well although I have encountered two issues. 1st it blocks facebook chat, one of the only features I use on that site. 2nd it crashes aol. Yea I know aol is obsolete but it is one of my oldest accounts and I still use it to communicate with family and have saved information I still use frequently. I wish I could figure a way around these issues because this extension is great especially now with the Firesheep threat.
This review is for a previous version of the add-on (2.0).
Please Update Rated 3 out of 5 stars
Please Update it for Firefox 4.0b6
This review is for a previous version of the add-on (2.0).
Force-TLS in Firefox 4
Hi TBABlackPanther. Firefox 4.0 already has most of Force-TLS built in as a feature called Strict-Transport-Security.
Version 3 of Force-TLS will work in Firefox 4!
Seems OK Rated 4 out of 5 stars
This place is for Firefox not for other browsers.
If you're looking for a plugin for Chrome look for this one
KB SSL Enforcer
Have just installed ForceTLS. So far there is no problem to use it
Rated 4 out of 5 stars
Force-TLS is definitely a good thing to have installed, especially now with things like Firesheep available to just anyone.
The only problem I'm having with it is that I can't add any sites manually; no matter what I enter for an address in the configuration window, nothing gets added, and the site still uses http by default (although stdout makes it appear that everything went fine).
Rated 3 out of 5 stars
Installation: What's up with being on this site yet getting two download warnings not to trust the source? Both can't be accurate.
Other versions? Like one for IE8 and/or Chrome ?