775376 - ocsp caching

Status: RESOLVED DUPLICATE of bug 48597

(Core :: Security: PSM, defect)

Description

[Subbu]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Build ID: 20120713134347

Steps to reproduce:

Downloaded FF 14.0.1.




Actual results:

How does Mozilla handle OCSP responses? Does it caches internally? It seems to remember OCSP caches only in the context of the same session.

1) go to https://www.paypal.com - Using live http headers you will see calls to ocsp responders
2) reload the same page- It remembers the previous OCSP and does not do the calls again- Or it reuses the existing ssl session and does not do it.
3) Shut the browser, restart and go https://www.paypal.com - Now it does the OCSP checks again.


Here is the OCSP response on live http headers.


HTTP/1.0 200 Ok
Last-Modified: Sat, 19 May 2012 19:13:10 GMT
Expires: Sat, 26 May 2012 19:13:10 GMT
Content-Type: application/ocsp-response
Content-Transfer-Encoding: binary
Content-Length: 1554
Cache-Control: max-age=586710, public, no-transform, must-revalidate
Date: Sun, 20 May 2012 00:14:40 GMT
nncoection: close
Connection: Keep-Alive



Windows uses disk cache to cache responses and IE integrated with CAPI2.






Expected results:

NSS should honour the OCSP response and not make OCSP calls until it expires.
This improves usability for end user, particularly in mobile.