Unable to turn off Shields Up after upgrade

bug

#1

After upgrading to 0.57 on Macintosh 10.14.1 I am unable to turn off Shields Up for an internal (home network) website (my Fortinet Firewall). I can disable on other websites.

When I try to turn off ‘Shields’ the button will move toward ‘off’, but then spring back to on/enabled. The browser refreshes the page but I cannot turn them off. In the past I was unable to use Brave to access the firewall web pages because they did not fully load. The browser shows the pages as insecure because the firewall uses a self signed certificate which is not trusted.

See screen shot.

I expect to see ‘Shields Down’ when I choose to turn it off.

This problem is consistent for the firewall web site.

Brave%20version

Reproducible on current live release (yes):0.57.18 64 bit

Additional Information:


#2

Thanks for the report @stuberman,
While I’m not have a workaround for now (maybe @mattches have one), an issue logged for this issue here

You can track the progress in the link above.

Also question:
Is the Shields block some features?

Thanks
:slightly_smiling_face:


#3

Thank you for the response.
I can’t see that Shields is blocking anything. On some pages I get a spinning (wait) circle which means I have to use a different browser to view the data.


#4

@stuberman,
It seems like there are two separate issues happening here:

  1. Shields will not go down when toggled to “off”
  2. You’re unable to access your local site due to a certificate issue

So since they’re separate (but possibly related), lets address them as such:

  1. The Shields don’t drop for that site when toggled off. Can you confirm that Shields do work with respect to on/off for websites other than the local site you’re attempting to access? Additionally, if you toggle/alter the individual protections within the panel, do they take effect?

  2. Since you’re using macOS, you can manually permit sites with self-signed or untrusted certificates. To do so, try the following:

    1. Navigate to Settings --> Advanced --> Privacy and Security --> Manage Certificates
    2. When you click Manage Certificates, your Apple Keychain should appear
    3. Now, return to your local site in which the certificate is untrusted and click the lock icon on the left-hand side of the address bar and click “Certificates”:
      cert1
    4. From here (and yes, this is definitely less-than-intuative), click and drag the image of the certificate into your keychain (you can also drag it to your desktop and double-click, but this will open Keychain anyway).
    5. After dragging the cert into keychain or double-clicking cert on the desktop, keychain will ask you if you’d like to import the cert. Do so, and ensure that you have System selected in the dropdown menu.
    6. Click “Always Trust” to complete certificate import
    7. Once done, the last step (extra precaution, really) is to go back to keychain, open the cert in question, expand the Trust section, and change the SSL setting here to “Always Trust”.

The above steps should allow you to access the webpage without navigating around the untrusted certificate. Let me know if this works for you and what you find when fiddling with the Shields settings.


#5

Thank you for your response and let me clarify:

Regarding the certificate: I have already trusted the self-signed certificate and I can go to the site by accepting the warnings. I also used a localhost entry to go to the site using the common name on the certificate. This does not clear up the "not secure’ warning and according to the referenced link, it is because the certificate does not have an “alternate name” listed. Frankly this does not bother me and it does not stop me from reaching the firewall web site.

The real issue is with the “Shields Up” toggle which does not allow me to toggle it to “down”. I can slide it about half way to off but it snaps back to on.


#6

I will add that the certificate shows “Invalid” in the browser, which is probably due to an error being out of our control such as CA authority:

07%20PM


#7
  1. I can toggle Shields up or down on other sites. Only this local firewall website does not allow me to toggle off.

  2. I can toggle “Ads and Trackers” on and off individually, but not “Connections encrypted” if always stays on.

23%20PM


#8

@stuberman,
Apologies for giving you information you already knew!

Shields panel not toggling down is…weird. I’ve reached out to some team members to see if anyone has seen this behavior before and what may be causing it. I’ll let you know as soon as I have more information.