From 2d9fbf4946999bec8fadbaaf70896c809c850ab5 Mon Sep 17 00:00:00 2001 From: jolzem Date: Mon, 26 May 2025 12:26:21 +0200 Subject: [PATCH] Removed OCSP requirement in librewolf to fix errors in school wifi --- librewolf/user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/librewolf/user.js b/librewolf/user.js index 544ecb8..6db13ae 100644 --- a/librewolf/user.js +++ b/librewolf/user.js @@ -452,7 +452,7 @@ user_pref("security.tls.enable_0rtt_data", false); * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers... * [1] https://en.wikipedia.org/wiki/Ocsp ***/ -user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] +user_pref("security.OCSP.enabled", 0); // [DEFAULT: 1] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) @@ -461,7 +461,7 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ -user_pref("security.OCSP.require", true); +user_pref("security.OCSP.require", false); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]