Closed Bug 1578059 Opened 5 years ago Closed 5 years ago

SEC_ERROR_OCSP_OLD_RESPONSE on chessable.com

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Windows 10
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1429800

People

(Reporter: gcp, Unassigned)

Details

STR

  1. Visit https://chessable.com
  2. Secure Connection Failed

An error occurred during a connection to chessable.com. The OCSP response contains out-of-date information. Error code: SEC_ERROR_OCSP_OLD_RESPONSE

Works in Chrome.

This is working again in Firefox now. (But I don't think it's good if Firefox intermittently doesn't work while Chrome keeps working...)

If you're seeing this error, it's either due to your clock or the CA sending an expired response. If it isn't your clock, the only way to "fix" this is to turn off OCSP, which we're not going to do until we have a replacement for it, which is crlite. (Note that Chrome doesn't do OCSP.)

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

I'm now having this continuously so I had to turn off OSCP. Someone else will do the logical thing, ditch Firefox and upgrade to a browser that works but is less secure :( This is beyond sad.

https://www.ssllabs.com/ssltest/analyze.html?d=chessable.com

Does show:

OCSP stapling Yes
OCSP STAPLING ERROR: OCSP response expired on Thu Sep 12 02:37:48 UTC 2019

So Indeed the site has broken OSCP Stapling.

You need to log in before you can comment on or make changes to this bug.