HTTPS connection is interrupted if OCSP server is unavailable

RESOLVED DUPLICATE of bug 508633

Status

()

Core
Security: PSM
RESOLVED DUPLICATE of bug 508633
8 years ago
8 years ago

People

(Reporter: Laurens Blankers, Assigned: kaie)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2

When connecting to a website using HTTPS which uses a certificate with an OCSP server and the OCSP server is unreachable (does not respond to requests) Firefox will display a "The connection was interrupted" error even though the option "When an OCSP server connection fails, treat the certificate as invalid" is UNchecked.

Reproducible: Always

Steps to Reproduce:
1. Make sure OCSP validation is on using the certificate provided OCSP server
2. Make sure "When an OCSP server connection fails, treat the certificate as invalid" is UNchecked
3. Configure your local firewall to DROP (not reject) all TCP traffic on port 80 to the OCSP server (e.g. ocsp.godaddy.com)
4. Connect to https://www.godaddy.com
Actual Results:  
After a timeout firefox shows the error:

The connection was interrupted

Expected Results:  
Website is loaded without error or message.

When the requests to the OCSP server are rejected rather than dropped the results are as expected.

Comment 1

8 years ago
If it's an EV-certificate, bug 490883 might help (downgrade to no EV-certificate). Otherwise, it's a dupe of bug 334658.

Comment 2

8 years ago
first one should be bug 508633
(Reporter)

Updated

8 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 508633
You need to log in before you can comment on or make changes to this bug.