Closed Bug 555440 Opened 14 years ago Closed 14 years ago

HTTPS connection is interrupted if OCSP server is unavailable

Categories

(Core :: Security: PSM, defect)

x86
Windows XP
defect
Not set
normal

RESOLVED DUPLICATE of bug 508633

People

(Reporter: laurens, Assigned: KaiE)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2

When connecting to a website using HTTPS which uses a certificate with an OCSP server and the OCSP server is unreachable (does not respond to requests) Firefox will display a "The connection was interrupted" error even though the option "When an OCSP server connection fails, treat the certificate as invalid" is UNchecked.

Reproducible: Always

Steps to Reproduce:
1. Make sure OCSP validation is on using the certificate provided OCSP server
2. Make sure "When an OCSP server connection fails, treat the certificate as invalid" is UNchecked
3. Configure your local firewall to DROP (not reject) all TCP traffic on port 80 to the OCSP server (e.g. ocsp.godaddy.com)
4. Connect to https://www.godaddy.com

Actual Results:
After a timeout Firefox shows the error:

The connection was interrupted

Expected Results:  
Website is loaded without error or message.

When the requests to the OCSP server are rejected rather than dropped the results are as expected.
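The soft-fail behaviour the report expects, as an added example that is not part of the bug report and not Firefox or PSM code: a responder that never answers (DROP) and one that refuses the connection (REJECT) should both count as "OCSP unavailable" and be accepted when the "treat the certificate as invalid" option is unchecked. The function names are hypothetical, and the loopback sockets are constructed stand-ins for the firewall rules.

```python
import socket

def contact_responder(host, port, timeout=0.5):
    """Classify one attempt to reach an OCSP responder."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")  # stand-in, not a real OCSP request
            return "answered" if s.recv(1) else "closed"
    except socket.timeout:
        return "timeout"   # packets dropped, or responder silent
    except ConnectionRefusedError:
        return "refused"   # firewall REJECT, or no listener on the port
    except OSError:
        return "error"

def accept_certificate(outcome, treat_failure_as_invalid):
    """Soft-fail policy: every failure to get an answer is handled the same way."""
    if outcome == "answered":
        return True  # assumption: a real client parses good/revoked/unknown here
    return not treat_failure_as_invalid

def silent_responder():
    """Listening socket that never replies (constructed stand-in for DROP)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

def closed_port():
    """Loopback port with no listener (constructed stand-in for REJECT)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo():
    srv = silent_responder()
    try:
        outcomes = [contact_responder("127.0.0.1", srv.getsockname()[1]),
                    contact_responder("127.0.0.1", closed_port())]
    finally:
        srv.close()
    # (outcome, accepted with option unchecked, accepted with option checked)
    return [(o, accept_certificate(o, False), accept_certificate(o, True)) for o in outcomes]

if __name__ == "__main__":
    for row in demo():
        print(row)
```
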
If it's an EV-certificate, bug 490883 might help (downgrade to no EV-certificate). Otherwise, it's a dupe of bug 334658.
First one should be bug 508633.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE