Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Secure Connection Failed
611 views
Skip to first unread message
Mark Filipak
Feb 1, 2015, 8:12:11 PM2/1/15
to Mozilla FFox
FFox 31.4.0 ESR in Linux Mint+Xfce 17.1
Hi All,
Any idea how to get rid of this irritation?
Even in safe mode...
When I try to get
http://technet.microsoft.com/en-us/library/ee126090(WS.10).aspx
something is changing it to
https://...
As a result, FFox won't connect with technet. I get this:
"Secure Connection Failed
"An error occurred during a connection to technet.microsoft.com. The
OCSP response contains out-of-date information. (Error code:
sec_error_ocsp_old_response)"
I couldn't find anything in "Preferences"
I did find these in 'about:config'
browser.safebrowsing.appRepURL;https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%
urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey;0
This apparently has some link to Google Safe Browsing. If that's in my
FFox, then the Linux Mint distro put it there.
Any idea how to get rid of this irritation?
Thank You.
Oh, I did a DuckDuckGo search for
'https://sb-ssl.google.com/safebrowsing/newkey' but I don't read Russian
and I don't run Citrix.
--
Amazing 12-year old insect: Thunderbird Bug 121947.
Lizard spits out bug, buries it: Firefox Bug 1120734.
Hi All,
Any idea how to get rid of this irritation?
Even in safe mode...
When I try to get
http://technet.microsoft.com/en-us/library/ee126090(WS.10).aspx
something is changing it to
https://...
As a result, FFox won't connect with technet. I get this:
"Secure Connection Failed
"An error occurred during a connection to technet.microsoft.com. The
OCSP response contains out-of-date information. (Error code:
sec_error_ocsp_old_response)"
I couldn't find anything in "Preferences"
I did find these in 'about:config'
browser.safebrowsing.appRepURL;https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%
urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey;0
This apparently has some link to Google Safe Browsing. If that's in my
FFox, then the Linux Mint distro put it there.
Any idea how to get rid of this irritation?
Thank You.
Oh, I did a DuckDuckGo search for
'https://sb-ssl.google.com/safebrowsing/newkey' but I don't read Russian
and I don't run Citrix.
--
Amazing 12-year old insect: Thunderbird Bug 121947.
Lizard spits out bug, buries it: Firefox Bug 1120734.
»Q«
Feb 1, 2015, 9:08:34 PM2/1/15
to mozilla-sup...@lists.mozilla.org
In <news:mailman.28.1422839529...@lists.mozilla.org>,
can do to force a plain http connection.
> As a result, FFox won't connect with technet. I get this:
>
> "Secure Connection Failed
>
> "An error occurred during a connection to technet.microsoft.com. The
> OCSP response contains out-of-date information. (Error code:
> sec_error_ocsp_old_response)"
is an entirely different thing from OCSP.
> Any idea how to get rid of this irritation?
In about:config, setting security.OCSP.enabled to 0 will work, but I'd
set it back to the default when Microsoft fixes their OCSP responder or
when you're done looking at the MS site, whichever comes first. (I'm
not certain, but I think the problem is that their responder is sending
the OCSP info with an expiry date of yesterday.)
Mark Filipak <markfilip...@gmail.com> wrote:
> When I try to get
> http://technet.microsoft.com/en-us/library/ee126090(WS.10).aspx
> something is changing it to
> https://...
The Microsoft server redirects to the https URL, so there's nothing you
> When I try to get
> http://technet.microsoft.com/en-us/library/ee126090(WS.10).aspx
> something is changing it to
> https://...
can do to force a plain http connection.
> As a result, FFox won't connect with technet. I get this:
>
> "Secure Connection Failed
>
> "An error occurred during a connection to technet.microsoft.com. The
> OCSP response contains out-of-date information. (Error code:
> sec_error_ocsp_old_response)"
> This apparently has some link to Google Safe Browsing. If that's in my
> FFox, then the Linux Mint distro put it there.
All Firefoxen use Google Safe Browsing by default. But Safe Browsing
> FFox, then the Linux Mint distro put it there.
is an entirely different thing from OCSP.
> Any idea how to get rid of this irritation?
set it back to the default when Microsoft fixes their OCSP responder or
when you're done looking at the MS site, whichever comes first. (I'm
not certain, but I think the problem is that their responder is sending
the OCSP info with an expiry date of yesterday.)
WaltS48
Feb 1, 2015, 9:25:09 PM2/1/15
to mozilla-sup...@lists.mozilla.org
--
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.0a1
[Coexist · Understanding Across Divides](https://www.coexist.org/)
»Q«
Feb 1, 2015, 10:42:47 PM2/1/15
to mozilla-sup...@lists.mozilla.org
In <news:mailman.34.1422843907...@lists.mozilla.org>,
Thanks for posting that -- it made me look again, and I think I gave
bad advice. Mark, instead of security.OCSP.enabled, have a look at
security.OCSP.require and if it's set to true, toggle it to false.
If security.OCSP.require is set to false (the default), OCSP should only
cause a roadblock if there really is something wrong with the site's
certificate, not when (as in this case) the cert is fine but something
is wrong with the OCSP responder.
bad advice. Mark, instead of security.OCSP.enabled, have a look at
security.OCSP.require and if it's set to true, toggle it to false.
If security.OCSP.require is set to false (the default), OCSP should only
cause a roadblock if there really is something wrong with the site's
certificate, not when (as in this case) the cert is fine but something
is wrong with the OCSP responder.
Mark Filipak
Feb 1, 2015, 11:10:42 PM2/1/15
to support...@lists.mozilla.org
On 02/01/2015 10:28 PM, »Q« wrote:
-really big snip-
-really big snip-
> If security.OCSP.require is set to false (the default), OCSP should only
> cause a roadblock if there really is something wrong with the site's
> certificate, not when (as in this case) the cert is fine but something
> is wrong with the OCSP responder.
Hokey smokey! How do you keep up on that stuff?
> cause a roadblock if there really is something wrong with the site's
> certificate, not when (as in this case) the cert is fine but something
> is wrong with the OCSP responder.
»Q«
Feb 2, 2015, 12:09:46 AM2/2/15
to mozilla-sup...@lists.mozilla.org
In <news:mailman.39.1422850239...@lists.mozilla.org>,
mailing lists, but I didn't know exactly what the different prefs do,
which is why I first suggested turning OCSP off entirely. After
Walt's post, I did some searching and some testing and figured out the
better answer. At least I *hope* it was the better answer, and it
resolved the issue for me.
Mark Filipak <markfilip...@gmail.com> wrote:
> On 02/01/2015 10:28 PM, »Q« wrote:
> -really big snip-
> > If security.OCSP.require is set to false (the default), OCSP should
> > only cause a roadblock if there really is something wrong with the
> > site's certificate, not when (as in this case) the cert is fine but
> > something is wrong with the OCSP responder.
>
> Hokey smokey! How do you keep up on that stuff?
I sorta-kinda knew the basics of how OCSP works, from reading blogs and
> On 02/01/2015 10:28 PM, »Q« wrote:
> -really big snip-
> > If security.OCSP.require is set to false (the default), OCSP should
> > only cause a roadblock if there really is something wrong with the
> > site's certificate, not when (as in this case) the cert is fine but
> > something is wrong with the OCSP responder.
>
> Hokey smokey! How do you keep up on that stuff?
mailing lists, but I didn't know exactly what the different prefs do,
which is why I first suggested turning OCSP off entirely. After
Walt's post, I did some searching and some testing and figured out the
better answer. At least I *hope* it was the better answer, and it
resolved the issue for me.
Mark Filipak
Feb 2, 2015, 2:21:45 AM2/2/15
to support...@lists.mozilla.org
On 02/01/2015 10:28 PM, »Q« wrote:
> In <news:mailman.34.1422843907...@lists.mozilla.org>,
> WaltS48 <thali...@EVOMERaim.com> wrote:
>
> In <news:mailman.34.1422843907...@lists.mozilla.org>,
> WaltS48 <thali...@EVOMERaim.com> wrote:
>
> Thanks for posting that -- it made me look again, and I think I gave
> bad advice. Mark, instead of security.OCSP.enabled, have a look at
> security.OCSP.require and if it's set to true, toggle it to false.
>
> bad advice. Mark, instead of security.OCSP.enabled, have a look at
> security.OCSP.require and if it's set to true, toggle it to false.
>
> If security.OCSP.require is set to false (the default), OCSP should only
> cause a roadblock if there really is something wrong with the site's
> certificate, not when (as in this case) the cert is fine but something
> is wrong with the OCSP responder.
Brilliant, »Q«. You were indeed correct. In 'about:config',
> cause a roadblock if there really is something wrong with the site's
> certificate, not when (as in this case) the cert is fine but something
> is wrong with the OCSP responder.
'security.OCSP.require' was set to 'true'. I set it back to the default
('false') and all is happiness again.
Thank you so much.
0 new messages