Hi,

mingdao wrote:
> Now, if any one of us turned off OCSP as Michael suggested, what should one do
> after turning it back on? Could there now be certificates trusted there which
> should not be?

Well, only your current browser session can be affected. For Firefox:
History -> Clear Recent History -> Details
In the dialog, just check "Active logins" and click "Clear Now".
This should clear any existing SSL state cache.
For Chrome it is a bit harder, because Chrome doesn't offer such an
option AFAIK (see [1]). Also, it depends on the SSL backend you are using.
PS: To enable OCSP in Chrome, go to chrome://settings/advanced
    Security
    Manage Certificates...
    Check for server certificate revocation
It is disabled by default, due to "performance concerns" :(
See also:
=========
[1] http://code.google.com/p/chromium/issues/detail?id=90454
--
Regards,
Thomas
