#ocsp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ocsp, aggregated by home.social.
-
El lado del mal - Online Master's in Offensive Security from Campus Internacional de Seguridad 2026: Starts March 24 https://www.elladodelmal.com/2026/02/master-online-en-seguridad-ofensiva-del.html #Master #Cibersegurida #OCSP #Formación #OffensiveSecurity
-
I totally missed the memo that #letsencrypt disabled #OCSP:
https://letsencrypt.org/2024/12/05/ending-ocsp
And I see that there has been a #cabforum ballot making OCSP optional with only one issuer opposing:
A terrible idea. And to make it worse, LE is distributing their #CRL over #cloudflare just as they did with their OCSP endpoints.
-
OCSP Service Has Reached End of Life
https://letsencrypt.org/2025/08/06/ocsp-service-has-reached-end-of-life
#HackerNews #OCSP #End #of #Life #LetsEncrypt #Cybersecurity #Tech #News
-
Here's today's #TechIsShitDispatch. I missed posting yesterday, but I can assure you that there was shitty tech; I just didn't have time to post about it.
Today's thread features more #Synology bullshit, more #Framework bullshit, some #Hulu bullshit, some #Google bullshit, and some annoying #Thunderbird behavior which I think may be linked to #OCSP certificate validation.
🧵1/18 -
If someone has warning messages in #Nginx logs about the #OCSP URL, here is the explanation from #LetsEncrypt
-
El lado del mal - New Edition of the Online Master's in Offensive Security from Campus Internacional de Seguridad 2025/2026 https://www.elladodelmal.com/2025/06/master-online-en-seguridad-ofensiva-del.html #master #formación #ciberseguridad #OCSP #OffensiveSecurity #hacking #RedTeam #pentesting #pentest
-
New Kitten Release 🥳
To OCSP¹ or not to OCSP…
• Turns on OCSP support in the server only if the site’s certificate has the OCSP stapling extension.
This is to support both servers that still have OCSP stapling in their certs as well as new ones that don’t. (Let’s Encrypt sunset OCSP support yesterday and there is a transitionary period where Kitten servers will have both types of certificates. This update is to ensure we support both without issues.)
Also updated, if you’re interested in playing lower in the stack:
• @small-tech/https: https://codeberg.org/small-tech/https
• @small-tech/auto-encrypt: https://codeberg.org/small-tech/auto-encrypt
Enjoy!
:kitten:💕
¹ Online Certificate Status Protocol (https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). Yes, I hate abbreviations too :)
#Kitten #SmallWeb #SmallTech #KittenRelease #TLS #OCSP #OCSPStapling #LetsEncrypt
-
Ah, well, this’ll do it. Should’ve set myself a reminder:
On it.
-
Let's Encrypt has added the CRL location to certificates
Saw this announcement in "Adding CRL URLs to certificates": the CRL location has been added to certificates: On March 12, 2025, Let’s Encrypt will start including CRL (Certificate Revocation List) URLs in certificates we issue, in addition to the OCSP URLs we already include. This is part of our previously announced changes to deprecate support for OCSP. CRLs and OCSP are two di…
#authority #ca #certificate #crl #letsencrypt #ocsp #revoke #root #security
-
New releases
• Kitten (rolling release)
• @small-tech/https version 5.3.2
• Auto Encrypt version 4.1.3
OCSP support has been reinstated in the server so existing sites with Let’s Encrypt certificates provisioned prior to the removal of the OCSP stapling requirement will not fail to load in Firefox.
Kitten servers in production will automatically update to this version in a few hours. You can also sign in to the Kitten settings page on your server and do a manual update to update Kitten immediately.
Thanks to @stefan and @s1r83r for bringing this to my attention. (https://mastodon.ar.al/@aral/113969540950647873)
#Kitten #SmallWeb #SmallTech #AutoEncrypt #TLS #SSL #HTTPS #OCSP #LetsEncrypt #web #dev #NodeJS #JavaScript
-
New Kitten release
• Upgrades to version 5.3.1 of @small-tech/https¹ which has version 4.1.2 of Auto Encrypt² that removes OCSP stapling (because Let’s Encrypt has removed OCSP support).
Please upgrade your Kitten as soon as possible or any new Kitten servers you try to set up will fail and any certificate renewals for existing servers will start to fail in May.
(To upgrade, run `kitten update`. Your production servers will update automatically.)
Enjoy!
:kitten:💕
¹ https://www.npmjs.com/package/@small-tech/https
² https://www.npmjs.com/package/@small-tech/auto-encrypt
#Kitten #SmallWeb #SmallTech #web #dev #TLS #HTTPS #AutoEncrypt #NodeJS #JavaScript #OCSP #LetsEncrypt
-
So I guess Let’s Encrypt has decided what I’ll be working on today then…
https://letsencrypt.org/2024/12/05/ending-ocsp/
(They’re ending OCSP stapling support. I’ll be updating Auto Encrypt¹ to remove OCSP support and then update @small-tech/https, which uses it, along with Auto Encrypt Localhost² to provide seamless TLS support regardless of whether you’re working in development or in production, and then update Site.js³ – deprecated but still used to serve some of our own sites at Small Technology Foundation⁴ – and Kitten⁵, with the latest @small-tech/https.)
¹ https://codeberg.org/small-tech/auto-encrypt
² https://codeberg.org/small-tech/auto-encrypt-localhost
³ https://codeberg.org/small-tech/https
⁴ https://small-tech.org
⁵ https://kitten.small-web.org
#SmallWeb #SmallTech #TLS #SSL #HTTPS #LetsEncrypt #OCSP #AutoEncrypt #AutoEncryptLocalhost #SiteJS #Kitten
-
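The fading out of OCSP...
The article "The Slow Death of OCSP" from a few days ago talks about how OCSP has fallen out of favor with browser vendors and will gradually fade from the stage...
Currently, the browsers are all moving toward consolidating the revocation lists (usually via the various CRLs) into a single file that the browser then downloads: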
Instead of user agents consuming the CRLs directly, major browser vendors (and, presumably, operating systems) maintain th
https://blog.gslin.org/archives/2025/02/02/12239/ocsp-%e7%9a%84%e6%b7%a1%e5%87%ba/
#Browser #Computer #Murmuring #Network #Privacy #Security #Software #WWW #certificate #ocsp #online #privacy #protocol #security #status
-
I went to #38c3 and left my laptop unplugged. Its clock stopped and it thinks it's December 27.
Of course, web site certificates are invalid. But why do I get #OCSP errors in #Firefox when I clearly disabled OCSP querying?
> An error occurred during a connection to search.brave.com. The OCSP response is not yet valid (contains a date in the future).
Is this a data leak about domains I visit? I'd search for info but #Brave doesn't load :P
-
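Apple memory holed its broken promise for an OCSP opt-out
https://lapcatsoftware.com/articles/2024/8/3.html
Hacker News comments
https://news.ycombinator.com/item?id=41184153
In 2020, Apple's macOS was found to send an OCSP request to check the validity of the developer certificate every time an app was opened. This practice poses serious privacy problems, and it sparked heated discussion once it was discovered.
At the time, Apple made some promises, including letting users opt out of this check, replacing it with a more secure method, and so on.
Now four years have passed, and a blogger has found that Apple's macOS still performs these OCSP checks, while the promises made back then were quietly removed from the documentation in September 2023.
-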
The timetable for Let's Encrypt dropping OCSP support is out
Let's Encrypt has announced the timetable for the OCSP sunset: "Ending OCSP Support in 2025".
The first wave is 2025/01/30, with OCSP Must-
#Computer #Murmuring #Network #Privacy #Security #Service #ca #certificate #letsencrypt #must #ocsp #privacy #revoke #security #staple #stapling #support #timetable #tls
-
New blog post: Post-OCSP certificate revocation in the Web PKI.
With OCSP in all forms going away, I decided to look at the history and possible futures of certificate revocation in the Web PKI. I also threw in some of my own proposals to work alongside existing ones.
I think this is the most comprehensive current look at certificate revocation right now.
-
OCSP Stapling?
A question (#Frage) for the IT folks here: I'm considering enabling #OCSP stapling for our web servers (#Webserver). Is this technology still current, and does it have a future?
AFAIK all current browsers have the technique built in, but only #Firefox actively uses it - #Chrome apparently did too in the past.
At first glance the technology seems sensible to me, and #SSLlabs lists it as a criterion in its rating.
I'd appreciate your assessment...
#Glaskugel #TLS #OCSP https://libranet.de/display/0b6b25a8-495f-f6cb-5980-982672559787 -
El lado del mal - Online Master's in Offensive Security 2024-2025 with OSCP Offensive Security Certification to become a Pentester https://www.elladodelmal.com/2024/01/master-online-de-seguridad-ofensiva.html #Master #OCSP #Pentesting #Pentester #Ciberseguridad #Formacion
-
Is OCSP done?
Google CA Let’s Encrypt has warned that it intends to end support "as soon as possible" for the TLS certificate status checking protocol Online Certificate Status Protocol (OCSP) and from now on support only Certificate Revocation Lists (CRLs).
-
Friendly reminder that web #browsers disclose every domain name you visit not just to your DNS provider, but also google's safebrowsing and CA authorities' OCSP services.
Most "private" web browsers and configurations (e.g. user.js) don't disable this either, in fear of compromising #security.
Thankfully, for #ocsp a solution is coming, in the form of certificate revocation lists (CRLs), but until then, and probably some time after, this feature will remain enabled.
-
🔗 Intent to End OCSP Service https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
-
Not the first one talking about it, but yesterday #LetsEncrypt announced to end the #OCSP service - a proposed standard to check the revocation status of #TLS certificates. The service is terminated in favor of certificate revocation lists (#CRL). The latter one was taught during my university degree in #cybersecurity as the recommended solution - yet adoption was sparse back 2 years ago.
My take on this is that in practice few entities, services and software will be affected. The ones who will be affected are probably those with lesser-known and/or slightly exotic setups. Happy to be proven wrong by people who are more familiar with the matter than I am.
Read up on the announcement of Let's Encrypt.
-
Let's Encrypt transitions revocation program from OCSP to CRL.
Why? Browsers have also switched browser-side checks (back) to CRL, after 10 years trying OCSP. It's all about privacy and performance.
Until recently, your browser had to request data from the CA (eg DigiCert, Sectigo), which means they can know your sites and browsing/device habits. CRL solves this.
https://letsencrypt.org/2022/09/07/new-life-for-crls
via https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
-
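Let's Encrypt wants to shut down its OCSP service
Saw the article Let's Encrypt posted about wanting to shut down its OCSP service: "Intent to End OCSP Service", with plans to rely mainly on CRLs instead.
OCSP is a mechanism for verifying whether a certificate is valid, offered as a service by the CA for browsers to query, but this will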
#Computer #Murmuring #Network #Privacy #Security #Service #WWW #authority #ca #cache #certificate #crl #crls #letsencrypt #ocsp #performance #privacy #scalability #scale #security #stapling
-
@jomo Today I was not able to access https://www.golem.de/ because of SEC_ERROR_OCSP_SERVER_ERROR. Only after I changed security.OCSP.require to false in about:config was I able to access that website. Turns out Golem is using #digicert.
-
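Security warning:
Because OCSP runs over plaintext HTTP and macOS is designed to enforce OCSP verification, an ISP only needs to do simple eavesdropping to know what software is running on your system.
If you have installed software on macOS such as ShadowsocksX-NG that is not quite in line with core socialist values, this macOS design undoubtedly brings you potential privacy leakage risks as well as risks to your personal safety.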
https://twitter.com/quakewang/status/1327844193662746625
#macOS #OCSP #隐私与安全 -
HTTP: What's Left of it and the OCSP Problem #TLS #OCSP #Browsers #packetlife https://i5c.us/d29744
-
Using a Mac without a network connection
https://eclecticlight.co/2023/03/14/using-a-mac-without-a-network-connection/
#Notarization #Technology #Gatekeeper #networking #quarantine #Updates #macOS13 #Ventura #ViableS #Viable #Macs #OCSP #VM -
#GemeenteUtrecht http://utrecht.nl http://internet.nl result: 2 red alerts :( :(, 2 warnings :(, 1 green :)
https://internet.nl/site/utrecht.nl/1846010/
Fond of services @[email protected] (#kudos!!!) Pls tackle this lack of #security in Q1 2013.
#IPv6, #HSTS, #OCSP Stapling, #CSP, #RPKI