we’ll see how the behavior can be reverted

  • @kixikOP
    link
    12 years ago

    Found the culprit:

    // defaultPref("security.OCSP.require", true); // set to hard-fail

    commenting it out, as shown, fixes the issue

    • @kixikOP
      link
      12 years ago

      Notice the important one to be true is:

      security.ssl.enable_ocsp_must_staple

      Which is already true by default, which enforces stapling. I think it might not be as good to enforce oscp.

      Not sure if then the best is to disable it, as it was before, or to leave it with the defaults from FF, as they seem safe, with the must staple set to true by default…

          • @kixikOP
            link
            12 years ago

            No firewall in place, :( And I don’t have custom filters on uBlock Origin for Amazon. AFAIK, https://teddit.net is not an Amazon domain, but I can’t say for certain…

            I do have the following filters on uBlock Origin turned on: Basic, Mobile Ads, Tracking Protection, URL Tracking Protection. And I use only uBlock Origin simple mode… I do not see any indication the domain has been blocked at all, just that the ocsp response is “mal formed”, which might as well covered “missing”, but I can’t tell.

            I do have LocalCDN, perhaps that is affecting, I’ll try without later… I have pending disabling LocalCDN and using uBlock Origin instead, there are some indications on how to do that on “Privacy Guide”, but I haven’t had time to follow the indications yet.

            Is teddit.net working fine with the new ocsp librewolf setting for most, without tweaks on librewolf? It my perfectly be something I use, but on uBlock Origin and LocalCDN I don’t do much out of the box, and the way I found to get thngs working back was to prevent security.OCSP.require to become true.

            Thanks !

            • @fishonthenetM
              link
              12 years ago

              Is teddit.net working fine with the new ocsp librewolf setting for most, without tweaks on librewolf?

              I think so, I’m keeping my eyes on OCSP issues tho.

              in your particular case I would suggest clearing all cookies and site data for lemmy from your urlbar, closing and opening the browser, and see if that does the trick. the error message seems to point to a different problem than the other reports I had, sorry bout not noticing earlier.

              • @kixikOP
                link
                1
                edit-2
                2 years ago

                It’s not a cookies, neither site data issue. I did try your suggestions about cleaning all site data, and it didn’t help. I still get the OCSP mal formed response. BTW, it’s not Lemmy, it’s teddit. Lemmy is not giving me issues. I once in a while read some locally (cookies) subscribed reddits through teddit, but I no longer have a reddit account…

                I’ll keep commented the ocsp require setting out. It seems safe, given that’s why stappling was introduced. Besides, it’s FF’s recommendation, given the ocsp service of the site might be down, or not working well. But FF indicates stappling solves the issue, particularly because:

                security.ssl.enable_ocsp_must_staple

                is set to true by default. However I’m locking it in librewolf.cfg just in case…

                I don’t think this is a bug about the ocsp require setting, and I believe it’s working as intended, just that it’s way too strict. You can try out teddit on your own. If you do, please let me know. I don’t discard any other issue, but the error message seems way too clear, hehe.

                Thanks !

                • @fishonthenetM
                  link
                  22 years ago

                  BTW, it’s not Lemmy, it’s teddit.

                  ooops, sorry. it is working for me tho, weird.

                  But FF indicates stappling solves the issue

                  not all websites actually support stapling, keep that in mind. either way we plan to expose the require setting in the UI in the next release, that should make things easier!

                  • @kixikOP
                    link
                    12 years ago

                    OK, weird, I don’t know what might be causing librewolf to get ocsp mal formed responses on my side, :(