SEC_ERROR_OCSP_SERVER_ERROR

arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

MIT License

9.93k stars 512 forks source link

SEC_ERROR_OCSP_SERVER_ERROR #1035

Closed unbranched closed 3 years ago

unbranched commented 3 years ago

I'm not sure it's user.js fault that maybe enforces this thing too much, but since a week I'm getting SEC_ERROR_OCSP_SERVER_ERROR Firefox error for most websites. The only thing I can do is disabling the OCSP option in the settings at every boot. Searching online I didn't find any effective solution and mostly outdated. I guess I need to reset the OCSP cache, to do this I could create a new Firefox profile, but I'd like to point the culprit directly. Any suggestion?

Svallinn commented 3 years ago

EDIT: Do the same steps below simultaneously (modify all three at once) to the following prefs: security.OCSP.enabled -> 0 -> 1 security.ssl.enable_ocsp_stapling -> false -> true

Turn security.OCSP.require to false in about:config and add the same thing to the end of your user.js before you shutdown Firefox. After that, you can shutdown Firefox and open it back up again. Then, turn security.OCSP.require back to true in about:config and delete the line you just wrote in user.js. Finally, close and reopen Firefox and tell me if it solved the problem. (I'm just throwing this out there, if it doesn't work, I'm sure Pants we'll have an idea or two)

unbranched commented 3 years ago

That solved it... wtf Firefox, are you a puzzle? Thanks a lot Synkky , i'll wait a few hours to confirm it doesn't revert back and then close the issue.

crssi commented 3 years ago

wtf Firefox, are you a puzzle?

Its not about FF... default for security.OCSP.require is false. 😉 But when you use user.js template, there might be some culprits for you and you need to do some overrides for your personal needs.

Cheers

Thorin-Oakenpants commented 3 years ago

i'll wait a few hours to confirm it doesn't revert back and then close the issue

Beat you to it. If it reverts back, re-open :)

unbranched commented 3 years ago

The problem is back :(

Thorin-Oakenpants commented 3 years ago

The only thing I can do is disabling the OCSP option in the settings at every boot.

Make those changes permanent in the user.js: i.e override them, and revisit/check the problem in the next release

unbranched commented 3 years ago

The only thing I can do is disabling the OCSP option in the settings at every boot.

Make those changes permanent in the user.js: i.e override them, and revisit/check the problem in the next release

Ok I'll do this.

Thorin-Oakenpants commented 3 years ago

AFAIK, OSCP can be hit and miss depending on your ISP etc

one of my overrides: been like that for as long as I can remember: I don't think I've flipped for a test for well over a year

user_pref("security.OCSP.require", false); // too much breakage

I often see SEC_ERROR_OCSP... threads on reddit: I avoid them like the plague: so I'm probably not the person to ask :)