Closed Bug 1390117 Opened 8 years ago Closed 7 years ago

Error visiting site due to SEC_ERROR_OCSP_TRY_SERVER_LATER

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 1368868
Tracking Status
firefox57 --- affected

People

(Reporter: gcp, Unassigned)

Details

1) Visit https://supr.snic.se/
2) Secure Connection Failed

An error occurred during a connection to supr.snic.se. The OCSP server suggests trying again later. Error code: SEC_ERROR_OCSP_TRY_SERVER_LATER

Site works in Chrome. It also works in Edge, though it only loads after a delay.

This might be a site issue, but as always, Firefox is the browser that does not work.
I also can't understand this behavior given bug 1366100. We aren't supposed to be fetching the OCSP stuff to begin with?
The server sends a stapled OCSP response with status `tryLater`. I'm not entirely sure how this should be handled. But it looks to me like Firefox is doing the right thing. It also works now (the stapled response just changed for me).
(In reply to Franziskus Kiefer [:fkiefer or :franziskus] from comment #2)
> But it looks to me like Firefox is doing the right thing.
...
> Firefox is the browser that does not work.

Don't take the following 100% seriously, but I can't think of a better way to express my feelings right now: "Either we claim a bug bounty from the Chrome guys or we stop being the browser that does not work."

I am also not sure how our behavior makes sense given bug 1366100.
> I am also not sure how our behavior makes sense given bug 1366100.

Firefox doesn't fetch OCSP but still does OCSP stapling. The OCSP response here is sent together with the certificate as part of the TLS handshake. This has nothing to do with bug 1366100.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE