Disable ocsp checking for improved performance
37 views
Skip to first unread message
jjcra...@gmail.com
Jul 19, 2012, 1:12:56 PM7/19/12
to webc-...@googlegroups.com
I'm using the disc in a secure environment, but there's a lot of latency in checking the revocation of the signing certs on the page. We are seeing about 30+ seconds just for the oscp check to timeout and resume to the page. Has anyone disabled ocsp correctly?
I've been adding to config/includes.chroot/etc/iceweasel/pref/iceweasel.js
lockPref("security.OCSP.enabled",
0);
Is that the right place to be adding the information? I thought ocsp disabling was in the repository, but I can't seem to find it now.
Kai Hendry
Jul 20, 2012, 5:37:32 AM7/20/12
to webc-...@googlegroups.com
On 19 July 2012 19:12, <jjcra...@gmail.com> wrote:
> lockPref("security.OCSP.enabled", 0);
I have not done this myself, but that looks like how you would disable
OCSP in FF. Have you tried debugging why it's so slow?
I guess you are simply not on the Internet and it spends ages trying
to connect somewhere? Couldn't that be fixed perhaps with some
/etc/hosts override maybe?
> Is that the right place to be adding the information? I thought ocsp
> disabling was in the repository, but I can't seem to find it now.
I usually change things only in the rootfs of late:
https://github.com/Webconverger/webc/blob/master/etc/iceweasel/pref/iceweasel.js
Kind regards,
> lockPref("security.OCSP.enabled", 0);
I have not done this myself, but that looks like how you would disable
OCSP in FF. Have you tried debugging why it's so slow?
I guess you are simply not on the Internet and it spends ages trying
to connect somewhere? Couldn't that be fixed perhaps with some
/etc/hosts override maybe?
> Is that the right place to be adding the information? I thought ocsp
> disabling was in the repository, but I can't seem to find it now.
https://github.com/Webconverger/webc/blob/master/etc/iceweasel/pref/iceweasel.js
Kind regards,
Reply all
Reply to author
Forward
0 new messages