Today I discovered that Firefox 3 will refuse to display a site over HTTPS if its SSL certificate is revoked. And even though I am not questioning merits of this decision, I still would have preferred to have this behavior configurable, either somewhere deep in Preferences or at least via about:config (quick scan of the latter did not result in anything useful – did I overlook it?)
Firefox 3 and Revoked SSL Certificates
June 19th, 2008 · by Dmitriy (@somic on Twitter) · 4 Comments
Tags: technology
4 responses so far ↓
1 Firefox 3 and Revoked SSL Certificates // Jun 19, 2008 at 8:59 pm
[...] Excerpted from:Firefox 3 and Revoked SSL Certificates [...]
2 dave // Jun 20, 2008 at 12:58 am
Same deal here, check out https://escrm.nokia.com/ for an example.
I like the other warning, where if its untrusted you can add the exception, but completely stopping you?
Anyone?
3 Dmitriy // Jun 20, 2008 at 9:22 am
@dave – looks like Nokia fixed that site already.
4 dwp0980 // Sep 22, 2008 at 1:58 pm
Found this blog whilst experiencing the same problem. I also found a solution (although I don’t know the impact on security). It’s something to do with OCSP. If you go to Preferences/Options > Security > Advanced > Encryption > Validation and uncheck OCSP.
I found this solution at the following site. . .
http://support.mozilla.com/tiki-view_forum_thread.php?locale=de&comments_parentId=86422&forumId=1