Yes, I am following the guidance of a security baseline and setting this to true. I guess I was thinking that OCSP stapling support would be broad enough by now that we should not have issues. I think we are left with no option but to turn this feature off. I was hoping I had overlooked something and I do appreciate the response!
From: Enterprise <[email protected]> On Behalf Of Osdoba, Sascha Sent: Thursday, February 27, 2020 3:57 AM To: [email protected] Subject: Re: [Mozilla Enterprise] security.OCSP.require - Breaks Many Sites Hi, Mike Kaply answered my question to OCSP setting before so I guess you should not use it. 12. November 2019 17:37 Re: [Mozilla Enterprise] security.OCSP.require FYI, on discussion with my team, there are lots of problems with OCSP. I assume you're setting it to true? It can cause mysterious failures and very long delays loading web pages. Mike Regards, Sascha Von: Enterprise <[email protected]<mailto:[email protected]>> Im Auftrag von Eddie Rowe Gesendet: Mittwoch, 19. Februar 2020 00:18 An: [email protected]<mailto:[email protected]> Betreff: [Mozilla Enterprise] security.OCSP.require - Breaks Many Sites // 4.6 (L2) Set OCSP Response Policy defaultPref("security.OCSP.require", true); I have enabled this setting in ESR 68.4 x64 and many sites such as Google and even Mozilla just do not work. I don't see how this could be adopted at a company level without created chaos. Are there persons still using this setting? Have you adjusted other settings to help out Firefox? Example site that does not work with this setting set to true: https://support.mozilla.org/en-US/questions/1169855<https://urldefense.proofpoint.com/v2/url?u=https-3A__support.mozilla.org_en-2DUS_questions_1169855&d=DwMFAg&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=HvCIg11cKsHElgSv7Tq5xco03Qz-qJllEkm-EhS5N0Q&s=Dl4cI7nyOUmEIpqLsZbWhzXdEhPWuOw4xZxDooL0aAg&e=> Error: "Secure Connection Failed An error occurred during a connection to support.mozilla.org. The OCSP server experienced an internal error. Error code: SEC_ERROR_OCSP_SERVER_ERROR The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
