3

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

"Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."

How can I enable this feature in Google Chrome?

1

2 Answers

2

There is no about:config in Chrome, so there is no way (that I am aware of) to force OCSP usage. However, it should use OCSP by default and fall back to CRLs if that doesn't work. Plus, the web browsers have blacklisted the serial numbers of the stolen certificates directly in the web browser, so if you upgrade your web browser you will be completely protected.

1

You'll be completely protected... THIS time. OCSP and CRL checking are a joke if the browser doesn't refuse the connection should the OCSP or CRL services prove (or appear) to be offline. As far as I'm concerned all browsers should refuse connections when the certificate can't be verified, but browser makers are loath to do so because users would blame the browser for any problems they experience, and likely switch over to another with looser restrictions.

The setting can be found in: Google Chrome > Settings > Advanced settings > Security > Check server for revocation (or something along those lines... I'm using a Dutch version).
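The answers above contrast three mechanisms: OCSP with CRL fallback, a serial-number blocklist shipped in the browser, and the soft-fail behaviour when no revocation server answers. The following is an added example, not part of the original thread and not any browser's actual code; it is a simplified model in which every name (`check_revocation`, `responder_blocked`, the `serial-*` values) is a hypothetical, constructed stand-in.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"

# Constructed sample data, not real certificate serial numbers.
CA_REVOKED = {"serial-A", "serial-B"}   # what the CA's OCSP responder / CRL reports
SHIPPED_BLOCKLIST = {"serial-A"}        # serials hard-coded into a browser update

def responder_online(serial):
    return Status.REVOKED if serial in CA_REVOKED else Status.GOOD

def responder_blocked(serial):
    # A dropped request on the network path looks the same as an outage.
    raise TimeoutError("no response from revocation server")

def check_revocation(serial, sources, hard_fail, blocklist=frozenset()):
    """Return (allow, reason). sources is an ordered list of (name, lookup),
    for example OCSP first and a CRL as fallback."""
    if serial in blocklist:
        return False, "built-in blocklist"       # needs no network access
    for name, lookup in sources:
        try:
            status = lookup(serial)
        except OSError:                          # timeout, refused, unreachable
            continue                             # fall back to the next source
        if status is Status.REVOKED:
            return False, name + ": revoked"
        return True, name + ": good"
    if hard_fail:
        return False, "no revocation answer (hard-fail)"
    return True, "no revocation answer (soft-fail)"

def demo():
    online = [("OCSP", responder_online), ("CRL", responder_online)]
    ocsp_down = [("OCSP", responder_blocked), ("CRL", responder_online)]
    blocked = [("OCSP", responder_blocked), ("CRL", responder_blocked)]
    return {
        "online": check_revocation("serial-B", online, hard_fail=False),
        "crl_fallback": check_revocation("serial-B", ocsp_down, hard_fail=False),
        "soft_fail": check_revocation("serial-B", blocked, hard_fail=False),
        "hard_fail": check_revocation("serial-B", blocked, hard_fail=True),
        "blocklisted": check_revocation("serial-A", blocked, hard_fail=False,
                                        blocklist=SHIPPED_BLOCKLIST),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the `soft_fail` case a certificate the CA has revoked is still accepted because neither source could be reached; only the hard-fail policy or a blocklist entry for that exact serial stops it.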
