Unsubscribe please.
From: Enterprise [mailto:[email protected]] On Behalf Of Julien Cristau Sent: October 24, 2017 5:37 AM To: Diego Viegas <[email protected]>; David Keeler <[email protected]> Cc: [email protected] Subject: Re: [Mozilla Enterprise] OCSP issues with Firefox? Also brokenness at the site, sending a "trylater" stapled OCSP response: $ openssl s_client -connect a2v.stj.jus.br:443 <http://a2v.stj.jus.br:443> -servername a2v.stj.jus.br <http://a2v.stj.jus.br> -status CONNECTED(00000003) depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign verify return:1 depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain Validation CA - SHA256 - G2 verify return:1 depth=0 OU = Domain Control Validated, CN = *.stj.jus.br <http://stj.jus.br> verify return:1 OCSP response: ====================================== OCSP Response Data: OCSP Response Status: trylater (0x3) ====================================== [...] There are plans around making OCSP checks less strict in Firefox in the future (other browsers either don't check OCSP or connect anyway in failure cases), see https://bugzilla.mozilla.org/show_bug.cgi?id=1368868 Cheers, Julien On Mon, Oct 23, 2017 at 9:21 PM, Diego Viegas <[email protected] <mailto:[email protected]> > wrote: Hi, +1 We also have this ongoing problem in a Brazilian government/justice site, leading to the need to disable OCSP on Firefox ESR, latest version, Windows and Linux. Affected site is: https://a2v.stj.jus.br/peticionamento-cliente/ In the case we need FF (can't use Chrome) due to Java applet. -- Diego Viégas dotPro Tecnologia e Comunicação [email protected] <mailto:[email protected]> (61) 4042-2024 2017-10-23 17:12 GMT-02:00 Madsen, Stuart <[email protected] <mailto:[email protected]> >: Using Microsoft Edge works fine with no problem at all accessing login page of ssa.gov <http://ssa.gov> site! But I am on my work network, and not on my home network. One other fact, I am using windows 10 at work plus Edge, but vista at home and IE. But according to Microsoft, vista has native support for both CRL and OCSP as a method of determining certificate status. -----Original Message----- From: Enterprise [mailto:[email protected] <mailto:[email protected]> ] On Behalf Of [email protected] <mailto:[email protected]> Sent: Monday, October 23, 2017 1:53 PM To: [email protected] <mailto:[email protected]> Subject: Re: [Mozilla Enterprise] OCSP issues with Firefox? On 10/23/2017 09:04 AM, Anvar Kuchkartaev [Masked] wrote: > Preview: _______________________________________________ Enterprise ma > This email is forwarded from a MASKED EMAIL you created using Blur > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23help%2Ffaq%2Ffaq-whataremaskedemails > > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23help%2Ffaq%2Ffaq-whataremaskedemails&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=MLiXSiEXqsja57SfdTIr5CwW4Fvq1svRW7W2saSIMlw%3D&reserved=0> > > &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=MLiXSiEXqsja57SfdTIr5CwW4Fvq1svRW7W2saSIMlw%3D&reserved=0>. > IF THIS IS SPAM, CLICK HERE TO BLOCK. > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt. > abine.com <http://abine.com> %2F%23%2Fblock_email%2Ffbf1e8c7%40opayq.com > <http://40opayq.com> %2FFWD-737RBYLMHNM > CSYBCKDUAL6ACTADWAMNBOYSVQK2AKMAGM7BEGAVDAI2OUB3EAABA%40opayq.com > <http://40opayq.com> &data > =01%7C01%7CStuart_Madsen%40baylor.edu <http://40baylor.edu> > %7Ce9a45c04fe524c891a9d08d51a4743 > 41%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=DMD3JTga6nHyD4r686DSmo > ZWQVT3aZaSqw5Mw%2BeI8A4%3D&reserved=0> > > Want to shop safely and privately online? Get Blur Premium > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23premium > > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23premium&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=meItwj8XDiZkm%2Fjv7GeUL0CuSRV%2Bkhd4adHuN8Ma448%3D&reserved=0> > > &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=meItwj8XDiZkm%2Fjv7GeUL0CuSRV%2Bkhd4adHuN8Ma448%3D&reserved=0>. > > It is a very strange issue. Chrome and IE might be using ocsp from its cache. > Have you tried to connect to that websites from another network? AFAIK, Chrome uses Google servers to do OSCP -- look up CRL Sets. I think IE treats the failure in question the same as a network error and connects anyway. > Anvar Kuchkartaev > anvar@anvartaycom <mailto:[email protected]> > *From: *Robert A Vipperman > *Sent: *martes, 17 de octubre de 2017 01:58 p.m. > *To: *[email protected] <mailto:[email protected]> > *Subject: *[Mozilla Enterprise] OCSP issues with Firefox? > > > All, > > We started having issues in the last few days with certain internal > https sites giving the error below. Has anyone else experienced this > issue? These sites load with no issues in IE and Chrome. > > Secure Connection Failed > > An error occurred during a connection to xxx.xxx.com <http://xxx.xxx.com> . > Invalid OCSP > signing certificate in OCSP response. Error code: > SEC_ERROR_OCSP_INVALID_SIGNING_CERT > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > > Please contact the website owners to inform them of this problem. > > _________________________ > > Robert Vipperman > > Dominion Resource Services, Inc. > > [email protected] <mailto:[email protected]> > > _________________________ > > ---------------------------------------------------------------------- > ---------- > > *CONFIDENTIALITY NOTICE:* This electronic message contains information > which may be legally confidential and or privileged and does not in > any case represent a firm ENERGY COMMODITY bid or offer relating > thereto which binds the sender without an additional express written > confirmation to that effect. The information is intended solely for > the individual or entity named above and access by anyone else is > unauthorized. If you are not the intended recipient, any disclosure, > copying, distribution, or use of the contents of this information is > prohibited and may be unlawful. If you have received this electronic > transmission in error, please reply immediately to the sender that you have > received the message in error, and delete it. Thank you. > > > > > > -------------------------Blur------------------------- > This email is forwarded from a MASKED EMAIL you created using Blur. > (https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23help%2Ffaq%2Ffaq-whataremaskedemails > > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.abine.com%2F%23help%2Ffaq%2Ffaq-whataremaskedemails&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=MLiXSiEXqsja57SfdTIr5CwW4Fvq1svRW7W2saSIMlw%3D&reserved=0> > > &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=MLiXSiEXqsja57SfdTIr5CwW4Fvq1svRW7W2saSIMlw%3D&reserved=0). > IF THIS IS SPAM, CLICK HERE TO BLOCK: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.a > bine.com <http://bine.com> %2F%23%2Fblock_email%2Ffbf1e8c7%40opayq.com > <http://40opayq.com> %2FFWD-737RBYLMHNMC > SYBCKDUAL6ACTADWAMNBOYSVQK2AKMAGM7BEGAVDAI2OUB3EAABA%40opayq.com > <http://40opayq.com> &data= > 01%7C01%7CStuart_Madsen%40baylor.edu <http://40baylor.edu> > %7Ce9a45c04fe524c891a9d08d51a47434 > 1%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=DMD3JTga6nHyD4r686DSmoZ > WQVT3aZaSqw5Mw%2BeI8A4%3D&reserved=0 > > Want to shop safely and privately online? Go Premium: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdnt.a > bine.com <http://bine.com> > %2F%3Fpk_campaign%3DmaskHeader%23premium&data=01%7C01%7CStuart > _Madsen%40baylor.edu <http://40baylor.edu> > %7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a > 459bbcf4dc23d42dc0a4%7C1&sdata=yUsSemg8RE%2B2bP1F17ETqEGbGpSbO7YHa2BTy > eYo3%2FE%3D&reserved=0 -------------------------by > Abine------------------------- > > > _______________________________________________ > Enterprise mailing list > [email protected] <mailto:[email protected]> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail. > mozilla.org <http://mozilla.org> > %2Flistinfo%2Fenterprise&data=01%7C01%7CStuart_Madsen%40bay > lor.edu <http://lor.edu> > %7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d > 42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reser > ved=0 > > To unsubscribe from this list, please visit > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise > > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0> > > &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0 > or send an email to [email protected] > <mailto:[email protected]> with a subject of "unsubscribe" > -- Do not become so fixated on the cheese at the end of the maze that you forget the real goal is to escape from the lab. Stephen _______________________________________________ Enterprise mailing list [email protected] <mailto:[email protected]> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0> &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0 To unsubscribe from this list, please visit https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.mozilla.org%2Flistinfo%2Fenterprise&data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0> &data=01%7C01%7CStuart_Madsen%40baylor.edu%7Ce9a45c04fe524c891a9d08d51a474341%7C22d2fb35256a459bbcf4dc23d42dc0a4%7C1&sdata=knCqSgE07JyG3QZ7Ux2p3cCbN7R2e2HdHp3tg8LG6As%3D&reserved=0 or send an email to [email protected] <mailto:[email protected]> with a subject of "unsubscribe" _______________________________________________ Enterprise mailing list [email protected] <mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mailmozilla.org/listinfo/enterprise <https://mail.mozillaorg/listinfo/enterprise> or send an email to [email protected] <mailto:[email protected]> with a subject of "unsubscribe" _______________________________________________ Enterprise mailing list [email protected] <mailto:[email protected]> https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mailmozilla.org/listinfo/enterprise <https://mail.mozillaorg/listinfo/enterprise> or send an email to [email protected] <mailto:[email protected]> with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
