Closed Bug 1228451 Opened 4 years ago Closed 4 years ago

Set the short-lived lifetime to the max OCSP response lifetime

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla45
Tracking Status
firefox45 --- fixed

People

(Reporter: mgoodwin, Assigned: mgoodwin)

Details

Attachments

(1 file)

The maximum OCSP response lifetime is 10 days.
Bug 1228451 - Set short-lived cert lifetime to the max OCSP response lifetime. r?keeler
Attachment #8692675 - Flags: review?(dkeeler)
Comment on attachment 8692675 [details]
MozReview Request: Bug 1228451 - Set short-lived cert lifetime to the max OCSP response lifetime. r?keeler

https://reviewboard.mozilla.org/r/26301/#review24035

::: modules/libpref/init/all.js:1999
(Diff revision 1)
> +pref("security.pki.cert_short_lifetime_in_days", 10);

Hmmm - it looks like the TLS/PKI security prefs are split between this file and netwerk/base/security-prefs.js (with most of them being in the latter). I think it would be best if they were in one place, so let's put this pref in security-prefs.js and move the rest of them in a follow-up bug.
Attachment #8692675 - Flags: review?(dkeeler) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/ed2b80d144f9eaf50d68cfeb68d613671ef5eb52
Bug 1228451 - Set short-lived cert lifetime to the max OCSP response lifetime. r=keeler
https://hg.mozilla.org/mozilla-central/rev/ed2b80d144f9
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla45
You need to log in before you can comment on or make changes to this bug.