Hello,

I wanted to bring up an issue regarding OCSP stapling. I filed this bug shortly after Firefox 27 came out:
https://bugzilla.mozilla.org/show_bug.cgi?id=972304

Short conclusion: If you have enabled OCSP stapling on your server this will break the possibility to add certificate exceptions with Firefox 27.

I find it a bit worrying that this issue hasn't received any attention yet. To make this clear: This made me disable OCSP stapling on my production machines with customers. And it's a serious regression to the previous version 26.

I think it's pretty obvious that OCSP stapling is an important feature and to regain *really working* certificate revocation support in browsers it's an important building block. So I think we should reach out to server operators to enable it. However, the longer this issue stays in Firefox the harder it will be, because usually server operators don't enable anything if it causes any kind of trouble, no matter how much sense it makes in terms of security.

I'd prefer disabling OCSP stapling for now if it's causing such regressions.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto