HOW to set “security.OCSP.require” in Google Chrome/Chromium?
Bruno Wolff III
bruno at wolff.to
Thu Mar 24 18:29:25 UTC 2011
On Thu, Mar 24, 2011 at 07:58:48 -0700,
johhny_at_poland77 <johhny_at_poland77 at zoho.com> wrote:
> https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
>
> "Users of Mozilla Firefox that are concerned about this issue should enable security.OCSP.require in the about:config dialog."
>
> How can i enable this feature in Google Chrome/Chromium?
about:config is a URL that you can visit. You can then click on the
the setting to modify it's value. You can also type in a pattern to use
as a filter so that there are less settings shown.
Depnding on what you are really worried about, you might be better off totally
disabling the checking the bad certificate list instead of bothering to
have the black list block access to web pages. Sending all of the certifictes
you visit to the CA to verify may be a bigger security risk than being
tricked into visiting a web page with an incorrectly issued certificate.
More information about the users
mailing list