Why have the forum so much OCSP error?

[dark_moon]

Since a month or longer? i see maybe 1x week a OCSP error for a little time when i try to access this forum.
Is that a problem with your hoster moonchild?

[Moonchild]

OCSP errors would be a CA issue, not hoster issue. OCSP servers are run by the CA.
I haven't seen any issues, myself, though -- it may indicate an unreliable internet connection for you? Are you requiring OCSP responses for a connection to be valid? If so, then that is the drawback of it because you are requiring a third-party connection for each certificate verification (each SSL session).

[dark_moon]

Uhm then maybe this erros come because of the current problems with the big CAs.
I have that settings:

Edit i mean GobalSign: https://twitter.com/globalsign/status/7 ... 1842247680

[New Tobin Paradigm]

Off-topic:
dark_moon.. Please when you post screenshots on the forum.. Could you please switch to en-US so that everyone can read the UI.

[dark_moon]

Off-topic:

dark_moon.. Please when you post screenshots on the forum.. Could you please switch to en-US so that everyone can read the UI.

I believe that the settings are equal, no matter which language is installed. But i will that respect in next images.

[JustOff]

May be it related to GlobalSign problems, now they even ask reset OCSP cache.

[dark_moon]

Thanks JustOff.
I reset my database and will see if that helps

[dark_moon]

And again.
Reseting the OCSP cache doesn't make any difference. Same as ipconfig /flushdns.
Now after a few minutes all is fine again.

I doesn't reboot my pc nor my router. For me this sounds more then a ISP problem. What did you mean guys?

[dark_moon]

Today i get the error again and i found that in error console:

Code: Select all

Error: IndexedDB UnknownErr: e:\mozdev\TychoPM\dom\indexedDB\IDBFactory.cpp:149

(i have no e:\mozdev\...)

After i clean the browser cache and reload all works. I wonder why the cache can make such problems and only with Pale Moon forum.

[Moonchild]

It's likely NOT related to the cache, but to your connection to the OCSP server.
I don't think the indexedDB error is related, either. (and e:\mozdev\... is the source code location of where the browser binaries were built).

Please check your about:config for security.OCSP.require -- if it's set to "true" then that would be your "problem" because it will refuse connections in that case whenever it cannot contact the designated OCSP server(s) it needs for verification.

[dark_moon]

That setting was on true, but why does it makes problems now and not in past and only on this forum?
I enable that setting in february and until last month all works, even with this forum.

[Moonchild]

That setting was on true, but why does it makes problems now and not in past and only on this forum?
I enable that setting in february and until last month all works, even with this forum.

I can't answer that question because I neither have control over the OCSP servers involved, nor your ISP's connection.
If you require OCSP, then the risk is that a connectivity issue will prevent you from visiting a site.

[dark_moon]

Alright. Thanks for solve that.
I will test my setup for a while and if it doesn't work in future then i need to reset the setting.

[Moonchild]

Alright. Thanks for solve that.
I will test my setup for a while and if it doesn't work in future then i need to reset the setting.

The default is to not require OCSP, merely to support it. Your setting was not default, and you have just reset it to what it is intended to be. There is no real reason unless you are using a high-sec environment to require this kind of hardening, which is also exactly why I didn't even include it in Pale Moon Commander.

(as a beta tester, you should know these things...)