| ▲ | chrismorgan 2 days ago | |||||||
It’s enabled in Firefox (pref security.OCSP.enabled defaults to 1¹), but not forced (pref security.OCSP.require defaults to false²). I believe Safari behaves the same way. —though I’m not sure how this fits in with https://hacks.mozilla.org/2025/08/crlite-fast-private-and-co... which said “we will be disabling OCSP for domain validated certificates in Firefox 142”. This is a stunningly fuzzy area where the true and accurate information is difficult to come by. —⁂— ¹ https://searchfox.org/firefox-main/source/modules/libpref/in.... Actually, on Android it defaults to 2, which skips OCSP on DV certificates, which is almost all these days. ² https://searchfox.org/firefox-main/source/modules/libpref/in... | ||||||||
| ▲ | jsiepkes a day ago | parent [-] | |||||||
> “we will be disabling OCSP for domain validated certificates in Firefox 142”. This is a stunningly fuzzy area where the true and accurate information is difficult to come by. Doesn't seem all that fuzzy to me? Domain validated certificates are certificates where only domain name ownership is verified (like ACME does for Let's Encrypt). So it seems starting with Firefox 142 OCSP would be disabled by default for Let's Encrypt certificates. | ||||||||
| ||||||||