1 |
Am Wed, 18 Mar 2015 16:41:25 -0700 |
2 |
schrieb walt <w41ter@×××××.com>: |
3 |
|
4 |
[...] |
5 |
> FF will not even show me the secure att.com webpage. I get an entire html page |
6 |
> with this (very big) error message: |
7 |
> |
8 |
> Secure Connection Failed |
9 |
> |
10 |
> An error occurred during a connection to www.att.com. The OCSP server experienced |
11 |
> an internal error. (Error code: sec_error_ocsp_server_error) |
12 |
> |
13 |
> The page you are trying to view cannot be shown because the authenticity of the |
14 |
> received data could not be verified. |
15 |
> |
16 |
> Please contact the website owners to inform them of this problem. |
17 |
> |
18 |
> |
19 |
> Am I the only one seeing this error message on firefox? I'll try compiling the |
20 |
> gentoo version to see if the behavior is different. |
21 |
|
22 |
OCSP has nothing to do with AT&T, it is a security feature that is supposed to |
23 |
help verify the authenticity of certificates. From what I've read on tech |
24 |
news sites, it has fallen out of favor precisely due to issues like this |
25 |
(Chrome has deactivated it, for example). See |
26 |
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol; also see |
27 |
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning for one (the?) |
28 |
replacement. |
29 |
|
30 |
(Note that I am speaking as a user, so feel free to clarify if I'm not being |
31 |
100% correct.) |
32 |
|
33 |
As to how to work around it, perhaps it makes sense to turn the feature off? |
34 |
|
35 |
HTH |
36 |
-- |
37 |
Marc Joliet |
38 |
-- |
39 |
"People who think they know everything really annoy those of us who know we |
40 |
don't" - Bjarne Stroustrup |