[Mozilla Enterprise] security.OCSP.require - Breaks Many Sites
Osdoba, Sascha
S.Osdoba at gsi.de
Thu Feb 27 09:56:34 UTC 2020
Hi,
Mike Kaply answered my question to OCSP setting before so I guess you should not use it.
12. November 2019 17:37
Re: [Mozilla Enterprise] security.OCSP.require
FYI, on discussion with my team, there are lots of problems with OCSP. I assume you're setting it to true?
It can cause mysterious failures and very long delays loading web pages.
Mike
Regards,
Sascha
Von: Enterprise <enterprise-bounces at mozilla.org> Im Auftrag von Eddie Rowe
Gesendet: Mittwoch, 19. Februar 2020 00:18
An: enterprise at mozilla.org
Betreff: [Mozilla Enterprise] security.OCSP.require - Breaks Many Sites
// 4.6 (L2) Set OCSP Response Policy
defaultPref("security.OCSP.require", true);
I have enabled this setting in ESR 68.4 x64 and many sites such as Google and even Mozilla just do not work. I don't see how this could be adopted at a company level without created chaos. Are there persons still using this setting? Have you adjusted other settings to help out Firefox?
Example site that does not work with this setting set to true:
https://support.mozilla.org/en-US/questions/1169855
Error:
"Secure Connection Failed
An error occurred during a connection to support.mozilla.org. The OCSP server experienced an internal error. Error code: SEC_ERROR_OCSP_SERVER_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/enterprise/attachments/20200227/814b354f/attachment.html>
More information about the Enterprise
mailing list