ready icon indicating copy to clipboard operation
ready copied to clipboard

Published 20 hours ago verified publisher icon sesh

feat: short-lived certs always pass OCSP checks

Open Seirdy opened this issue 3 months ago • 0 comments

Firefox skips OCSP checks for certs younger than the number of days specified in security.pki.cert_short_lifetime_in_days (10 by default), which makes sense because OCSP stapling is redundant for short-lived certs. Revocation is only applicable to long-lived certs with lifetimes measured in weeks or longer.

Ready now exhibits the same behavior.

Seirdy avatar Apr 15 '24 05:04 Seirdy