On 10/11/13 1:39 PM, Bob Clary wrote:
> On 10/11/2013 12:57 PM, Camilo Viecco wrote:
>> Hello List
>>
>> I am planning to land a patch to reduce the default (soft-fail) OCSP
>> network timeout values. Currently OCSP connections time out after 10
>> seconds and my plan is to change that to 3 seconds (hard fail will keep
>> the current 10 second timeout value).
>>
>> With this change (according to telemetry) we will cover 95% of
>> successful checks in desktop and 90% of fennec. (2 seconds is 90% of
>> desktop, 85% of fennec).  Currently fennec cancelled connections are
>> about 6% of connections.
>>
>> Any issues with this change?
>>
>> Thanks
>>
>> Camilo
>>
>
> How will this play with high latency connections such as found on Satellite-based internet where ping times are 600-1000ms?

Since fetching the OCSP response takes 2RTT (without closing the connection), a 3 second timeout would be sufficient for 1000ms RTT.

But if you desire you can still enable strict OCSP responses and that will give you back the 10 second timeouts.

Camilo

> /bc



--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
