Let's encrypt don't support revocation ? You don't say.
https://letsencrypt.org/docs/revoking/
CrLite Support
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
Moonchild
- Pale Moon guru
- Posts: 38387
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: CrLite Support
In practice, they don't tend to revoke certificates. It's been a very big point of contention for using them.
"There is no point in arguing with an idiot, because then you're both idiots." - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
mmouse
- Moon lover
- Posts: 85
- Joined: 2019-02-13, 06:47
Re: CrLite Support
I don't know if this is related but I get currently a 'revoked certificate' message from this site:
https://www.math.columbia.edu/~woit
that displays fine for me under Firefox and Chrome (although I have seen on the Net reports of the same message with some users of Firefox - maybe they were using old versions)
Looking up in Wireshark shows that Palemoon is interrogating the Sectigo ocsp server, after receiving the ocsp reply Palemoon issues an Alert Certificate Revoked
I'd say that even if the Ocsp infrastructure is not inactivated yet, it may be not checked as seriously than before by CAs since now 99% of the Web will not actually use it.
Note that I have now trouble in decoding the Tls traffic, setting SSLKEYLOGFILE always worked for me but it does not anymore for some reason :-/
As the OCSP traffic is in clear, I can still see it.
https://www.math.columbia.edu/~woit
that displays fine for me under Firefox and Chrome (although I have seen on the Net reports of the same message with some users of Firefox - maybe they were using old versions)
Looking up in Wireshark shows that Palemoon is interrogating the Sectigo ocsp server, after receiving the ocsp reply Palemoon issues an Alert Certificate Revoked
I'd say that even if the Ocsp infrastructure is not inactivated yet, it may be not checked as seriously than before by CAs since now 99% of the Web will not actually use it.
Note that I have now trouble in decoding the Tls traffic, setting SSLKEYLOGFILE always worked for me but it does not anymore for some reason :-/
As the OCSP traffic is in clear, I can still see it.
-
adoxa
- Astronaut
- Posts: 520
- Joined: 2019-03-16, 13:26
- Location: Qld, Aus.
Re: CrLite Support
Showed up fine with Basilisk 2025.07.04 (64-bit; Windows 10).
-
mmouse
- Moon lover
- Posts: 85
- Joined: 2019-02-13, 06:47
Re: CrLite Support
@adoxa
thanks for the check, I tried with Basilisk same version on my Kubuntu 24.04 main system and it fails but with 'a malformed Server Hello handshake message. (Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO) '
Looking at the network trace, Basilisk emits a certificate revoked alert all the same, but contrary to Palemoon it tries again and this time (probably with different parameters) gets to the malformed Hello stage.
thanks for the check, I tried with Basilisk same version on my Kubuntu 24.04 main system and it fails but with 'a malformed Server Hello handshake message. (Error code: SSL_ERROR_RX_MALFORMED_SERVER_HELLO) '
Looking at the network trace, Basilisk emits a certificate revoked alert all the same, but contrary to Palemoon it tries again and this time (probably with different parameters) gets to the malformed Hello stage.