Closed Bug 1621626 Opened 6 years ago Closed 4 years ago

Connecting to earthisland.org fails in Firefox with SEC_ERROR_OCSP_TRY_SERVER_LATER

Categories

(Core :: Security: PSM, defect, P2)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX
Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix
firefox75 --- wontfix
firefox76 --- wontfix
firefox77 --- wontfix
firefox78 --- wontfix

People

(Reporter: ehsan.akhgari, Unassigned)

Details

(Whiteboard: [psm-backlog])

I tried accessing this page in Firefox but I got a SEC_ERROR_OCSP_TRY_SERVER_LATER error. It loads fine in Chrome. I believe it used to work in Firefox...

It looks like the server is stapling the "try later" error it got from the OCSP responder, which is not great. Also, the server is still serving that response, so when Firefox falls back to trying active fetching, that fails too. I'm not sure what the "right" thing to do here is because we don't want to let the ecosystem be silently broken, but at the same time we're almost certainly losing users to issues like this. I'll bring this up with the team and see what we come up with.

Priority: -- → P2
Whiteboard: [psm-backlog]

Based on comment 1, I think Firefox is actually doing the "right" thing, or at least a right thing. Our real solution here is CRLite, anyway.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.