Thanks, I'll see if we can reach out to them. Mike
On Thu, Feb 27, 2020 at 3:54 PM Eddie Rowe <[email protected]> wrote: > Yes, I am following the guidance of a security baseline and setting this > to true. I guess I was thinking that OCSP stapling support would be broad > enough by now that we should not have issues. I think we are left with no > option but to turn this feature off. I was hoping I had overlooked > something and I do appreciate the response! > > > > *From:* Enterprise <[email protected]> * On Behalf Of *Osdoba, > Sascha > *Sent:* Thursday, February 27, 2020 3:57 AM > *To:* [email protected] > *Subject:* Re: [Mozilla Enterprise] security.OCSP.require - Breaks Many > Sites > > > > Hi, > > > > Mike Kaply answered my question to OCSP setting before so I guess you > should not use it. > > > > > > 12. November 2019 17:37 > Re: [Mozilla Enterprise] security.OCSP.require > > > > FYI, on discussion with my team, there are lots of problems with OCSP. I > assume you're setting it to true? > > > > It can cause mysterious failures and very long delays loading web pages. > > > > Mike > > > > > > Regards, > > > > Sascha > > > > > > *Von:* Enterprise <[email protected]> *Im Auftrag von *Eddie > Rowe > *Gesendet:* Mittwoch, 19. Februar 2020 00:18 > *An:* [email protected] > *Betreff:* [Mozilla Enterprise] security.OCSP.require - Breaks Many Sites > > > > // 4.6 (L2) Set OCSP Response Policy > > defaultPref("security.OCSP.require", true); > > > > I have enabled this setting in ESR 68.4 x64 and many sites such as Google > and even Mozilla just do not work. I don’t see how this could be adopted > at a company level without created chaos. Are there persons still using > this setting? Have you adjusted other settings to help out Firefox? > > > > *Example site that does not work with this setting set to true: * > > https://support.mozilla.org/en-US/questions/1169855 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__support.mozilla.org_en-2DUS_questions_1169855&d=DwMFAg&c=2WwxlqHD_9GeHFEUsOHZXg&r=a0pF-r4VjZCyzB4zxbRDcONPyw-KRRoDiBPd4lDRky8&m=HvCIg11cKsHElgSv7Tq5xco03Qz-qJllEkm-EhS5N0Q&s=Dl4cI7nyOUmEIpqLsZbWhzXdEhPWuOw4xZxDooL0aAg&e=> > > > > *Error:* > > “Secure Connection Failed > > > > An error occurred during a connection to support.mozilla.org. The OCSP > server experienced an internal error. Error code: > SEC_ERROR_OCSP_SERVER_ERROR > > > > The page you are trying to view cannot be shown because the > authenticity of the received data could not be verified. > > Please contact the website owners to inform them of this problem.” > > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" >
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
