Hi, mingdao wrote: > Now, if any one of us turned off OCSP as Michael suggested, what should one do > after turning it back on? Could there now be certificates trusted there which > should not be?
Well, only your current browser session can be affected. For Firefox: History -> Clear Recent History -> Details In the dialog, just check "Active logins" and click "Clear Now". This should clear any existing SSL state cache. For Chrome it is a bit harder, because Chrome doesn't offer such an option AFAIK (see [1]). Also, it depends on the SSL backend you are using. PS: To enable OCSP in Chrome, go to chrome://settings/advanced Security Manage Certificates... Check for server certificate revocation It is disabled by default, due to "performance concerns" :( See also: ========= [1] http://code.google.com/p/chromium/issues/detail?id=90454 -- Regards, Thomas
signature.asc
Description: OpenPGP digital signature