rethink-app
Option to block port 80 breaks HTTPS
Recently had a Mull user unable to visit many websites. My Mull has certificate revocation strictly enforced with preference to CRLite and fallback to OCSP.
OCSP however runs on port 80.
I don't know the internals of how this feature works, but presumably could either allowlist the OCSP domains or try to identify OCSP requests.
The former is likely easier, but more fragile.
I do however keep a list of known OCSP domains here:
- https://github.com/divestedcg/dnsrm/blob/master/Infra-Certs.txt
- https://github.com/divestedcg/dnsrm/blob/master/Infra-Certs2.txt
(If you know of a more maintained list that'd be appreciated :slightly_smiling_face: )
I've also seen a lot of blocklists contain these, so maybe an option to exclude them as well would be good.
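As an added illustration of the "identify OCSP requests" option raised in this issue (not code from the issue author or from rethink-app), the Go sketch below classifies the first bytes of a plaintext port-80 flow using the two HTTP encodings defined in RFC 6960, Appendix A.1. The function name `looksLikeOCSP`, the `ocsp.example.test` host and the sample requests are constructed for the example, and the GET branch checks only the outer DER framing, not the full OCSPRequest structure.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/asn1"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// looksLikeOCSP (hypothetical helper) reports whether the buffered start of a
// port-80 flow is an OCSP request. Incomplete or malformed headers yield false.
func looksLikeOCSP(head []byte) bool {
	req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(head)))
	if err != nil {
		return false
	}
	switch req.Method {
	case http.MethodPost: // body is DER; the media type identifies it
		ct, _, _ := strings.Cut(req.Header.Get("Content-Type"), ";")
		return strings.EqualFold(strings.TrimSpace(ct), "application/ocsp-request")
	case http.MethodGet: // GET {url}/{url-encoded base64 of the DER OCSPRequest}
		p := req.URL.EscapedPath() // keeps %2F, so base64 '/' stays in one segment
		seg, err := url.PathUnescape(p[strings.LastIndex(p, "/")+1:])
		if err != nil {
			return false
		}
		der, err := base64.StdEncoding.DecodeString(seg)
		if err != nil {
			return false
		}
		// Outer framing only: a DER SEQUENCE with no trailing bytes.
		var raw asn1.RawValue
		rest, err := asn1.Unmarshal(der, &raw)
		return err == nil && len(rest) == 0 && raw.Class == asn1.ClassUniversal && raw.Tag == asn1.TagSequence
	}
	return false
}

func main() {
	// Constructed samples: an OCSP POST header block and an ordinary page fetch.
	post := "POST / HTTP/1.1\r\nHost: ocsp.example.test\r\nContent-Type: application/ocsp-request\r\nContent-Length: 83\r\n\r\n"
	page := "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
	fmt.Println(looksLikeOCSP([]byte(post)), looksLikeOCSP([]byte(page)))
}
```

Both signals are set by the client, so a match narrows what passes a port-80 block rather than proving the traffic is revocation checking.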