bug-gnuzilla
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] Icecat SSL warning/error pages; what settings affect

From: bch
Subject: Re: [Bug-gnuzilla] Icecat SSL warning/error pages; what settings affect the production of these 'error' pages?
Date: Tue, 28 Feb 2017 09:27:59 +0000
Hello again

Thank you to both of you for the additional contributions. Nothing suggested has led to a resolution in my case.

I have gone through Icecat and Firefox about:config looking for differences. There are a few but none that seemed to be significant with regard to the issue I have, or that I can fully understand their implication yet lets say (other than a good guess).

I have found one that was different and I matched Icecat to Firefox and this allowed websites that were not displaying to be displayed without the error page I posted.

That parameter/setting was: security.ssl.require_safe_negotiation

Setting it to false as per Firefox's default, allowed the page to be displayed, but with lots of warnings and the ability to see what was wrong (insecure and weak keys etc being reported in my case).

Regards
Habs






On 28 February 2017 at 02:20, jc_gargma <address@hidden> wrote:
> 1)  Sites that work well on a fast connection suddenly start to give me this
> error when I'm on a poor connection - seems like a time-out of some sort.
> It gets worse if I try to load several such sites at once.
>
> 2)  If I toggle "Query OCSP responder servers to confirm validity of
> certificates" in Preferences -> Advanced -> Certificates  off and then back
> on quickly (meaning, the box starts out checked, I uncheck it and then
> re-check it before doing anything else), then "Try Again" or a refresh
> brings up the site without any issues.
>
> 3)  I am totally unable to reproduce this error in Iceweasel or any other
> Mozilla-based browsers, even while on a poor connection, so it's an
> Icecat-specific phenomenon.
This sounds like a combination of lost packets due to weak signal and IceCat
having
security.OCSP.require
set to true by default.
This setting causes sites that fail to return an OCSP request to be considered
unsafe.
IceWeasel and Firefox have this set to false by default, which likely accounts
for their not reproducing this error.


-jc

--
http://gnuzilla.gnu.org


reply via email to
[Prev in Thread] Current Thread [Next in Thread]