I get the above error when trying to access https://connect-racco.enedis.fr/ when using Pale Moon 32.4.1.
From looking online, it seems that this may be caused by some servers using SHA2 instead of SHA1.
It also seems that this was patched on Firefox a couple of years ago, so there may be a solution available - see https://bugzilla.mozilla.org/show_bug.cgi?id=1745600 - unless this is something that should be fixed server-side?
Secure Connection Failed MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
- Astronaut
- Posts: 512
- Joined: 2015-08-23, 17:56
- Location: UK / France
Secure Connection Failed MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything
Hint: If you expect a reply to your PM, allow replies...
-
- Pale Moon guru
- Posts: 35653
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Secure Connection Failed MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Well, the server-side configuration isn't very flexible, for sure, with how they only allow one cipher suite and one protocol that isn't the latest (only TLS 1.2), and it's a bit odd that they require SHA2 signatures for OCSP (that's overkill) while not using TLS 1.3, either.
I'll put this on my to-do list. We have a sufficiently recent NSS to be able to use this (it's a very recent addition to have this support) but it won't be implemented right away. I suggest if you have to use this and the server operators aren't willing to be a bit more flexible in their configuration, then you should use a different browser for their site for the time being while this is worked on.
By the way this deals with OCSP stapling, not OCSP lookups. You may be able to work around it as well by disabling OCSP stapled responses.
Set security.ssl.enable_ocsp_stapling to false to try this.
Once again that's a temporary workaround, not a solution.
I'll put this on my to-do list. We have a sufficiently recent NSS to be able to use this (it's a very recent addition to have this support) but it won't be implemented right away. I suggest if you have to use this and the server operators aren't willing to be a bit more flexible in their configuration, then you should use a different browser for their site for the time being while this is worked on.
By the way this deals with OCSP stapling, not OCSP lookups. You may be able to work around it as well by disabling OCSP stapled responses.
Set security.ssl.enable_ocsp_stapling to false to try this.
Once again that's a temporary workaround, not a solution.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Pale Moon guru
- Posts: 35653
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: Secure Connection Failed MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Update: this will be solved in the new milestone.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
- Astronaut
- Posts: 512
- Joined: 2015-08-23, 17:56
- Location: UK / France
Re: Secure Connection Failed MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
Excellent - thanks
Forked extensions :
● Add-ons Inspector ● Auto Text Link ● Copy As Plain Text ● Copy Hyperlink Text ● FireFTP button replacement ● gSearch Bar ● Navigation Bar Enhancer ● New Tab Links ● Number Tabs ● Print Preview Button and Keyboard Shortcut 2 ● Scrollbar Search Marker ● Simple Marker ● Tabs To Portfolio ● Update Alert ● Web Developer's Toolbox ● Zap Anything
Hint: If you expect a reply to your PM, allow replies...