Found the culprit:
// defaultPref("security.OCSP.require", true); // set to hard-fail
commenting it out, as shown, fixes the issue
Notice the important one to be true is security.ssl.enable_ocsp_must_staple, which is already true by default, which enforces stapling. I think it might not be as good to enforce OCSP.
Not sure if then the best is to disable it, as it was before, or to leave it with the defaults from FF, as they seem safe, with the must staple set to true by default…
any suggestion @fishonthenet@lemmy.ml?
have a look at -> https://gitlab.com/librewolf-community/settings/-/issues/159#note_873388139
you might have a similar issue. I also had another report and the user had a firewall that was blocking OCSP.
No firewall in place, :( And I don’t have custom filters on uBlock Origin for Amazon. AFAIK, https://teddit.net is not an Amazon domain, but I can’t say for certain…
I do have the following filters on uBlock Origin turned on: Basic, Mobile Ads, Tracking Protection, URL Tracking Protection. And I use only uBlock Origin simple mode… I do not see any indication the domain has been blocked at all, just that the ocsp response is “malformed”, which might as well cover “missing”, but I can’t tell.
I do have LocalCDN, perhaps that is affecting, I’ll try without later… I have pending disabling LocalCDN and using uBlock Origin instead, there are some indications on how to do that on “Privacy Guide”, but I haven’t had time to follow the indications yet.
Is teddit.net working fine with the new ocsp librewolf setting for most, without tweaks on librewolf? It may perfectly be something I use, but on uBlock Origin and LocalCDN I don’t do much out of the box, and the way I found to get things working back was to prevent security.OCSP.require to become true.
Thanks!
I think so, I’m keeping my eyes on OCSP issues tho.
in your particular case I would suggest clearing all cookies and site data for lemmy from your urlbar, closing and opening the browser, and see if that does the trick. the error message seems to point to a different problem than the other reports I had, sorry about not noticing earlier.
It’s not a cookies or site data issue. I did try your suggestions about cleaning all site data, and it didn’t help. I still get the OCSP malformed response. BTW, it’s not Lemmy, it’s teddit. Lemmy is not giving me issues. I once in a while read some locally (cookies) subscribed reddits through teddit, but I no longer have a reddit account…
I’ll keep the ocsp require setting commented out. It seems safe, given that’s why stapling was introduced. Besides, it’s FF’s recommendation, given the ocsp service of the site might be down, or not working well. But FF indicates stapling solves the issue, particularly because security.ssl.enable_ocsp_must_staple is set to true by default. However I’m locking it in librewolf.cfg just in case…
I don’t think this is a bug about the ocsp require setting, and I believe it’s working as intended, just that it’s way too strict. You can try out teddit on your own. If you do, please let me know. I don’t discard any other issue, but the error message seems way too clear, hehe.
Thanks!
ooops, sorry. it is working for me tho, weird.
not all websites actually support stapling, keep that in mind. either way we plan to expose the require setting in the UI in the next release, that should make things easier!
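
An added example, not part of the thread or of LibreWolf's code: one way to check what a server actually staples is to capture the output of `openssl s_client -connect HOST:443 -servername HOST -status` and classify its OCSP section. The sample outputs below are constructed and trimmed, and the function name and return labels are assumptions made for this sketch.

```python
import re

# Constructed samples, trimmed to the lines `openssl s_client -status` prints
# about stapling (not captured from any site named in the thread).
SAMPLE_STAPLED = """\
OCSP response: 
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2022 GMT
    Next Update: Jan  8 00:00:00 2022 GMT
"""
SAMPLE_NOT_STAPLED = "CONNECTED(00000003)\nOCSP response: no response sent\n"
SAMPLE_UNPARSEABLE = "OCSP response: response parse error\n"
SAMPLE_TRY_LATER = (
    "OCSP response: \n======================================\n"
    "OCSP Response Data:\n    OCSP Response Status: trylater (0x3)\n"
)


def classify_stapling(output: str) -> str:
    """Return what the server stapled: 'none', 'unparseable', an OCSP error
    status, or the certificate status ('good', 'revoked', 'unknown')."""
    if "OCSP response:" not in output:
        return "not-requested"   # -status not passed, or handshake failed early
    if "no response sent" in output:
        return "none"            # nothing stapled; the client has to ask the responder itself
    if "response parse error" in output:
        return "unparseable"     # stapled bytes are not a valid OCSP response
    status = re.search(r"OCSP Response Status:\s*(\w+)", output)
    if status is None:
        return "unparseable"
    if status.group(1).lower() != "successful":
        return "responder-error:" + status.group(1).lower()
    cert = re.search(r"Cert Status:\s*(\w+)", output)
    return cert.group(1).lower() if cert else "unparseable"


if __name__ == "__main__":
    for name, text in [("stapled", SAMPLE_STAPLED), ("not stapled", SAMPLE_NOT_STAPLED),
                       ("unparseable", SAMPLE_UNPARSEABLE), ("try later", SAMPLE_TRY_LATER)]:
        print(f"{name}: {classify_stapling(text)}")
```

A result of `none` means the browser has to reach the CA's OCSP responder on its own, which is the lookup that security.OCSP.require turns into a hard failure when it does not succeed.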