bug 929068 - pref-off OCSP stapling due to site failures r=cviecco a=akeybl
authorDavid Keeler <dkeeler@mozilla.com>
Tue, 22 Oct 2013 14:47:01 -0700
changeset 258577 8a2925c6b567325333c043afdfefd1507f7f48c6
parent 258576 51f4ecd192b2621cbac3e1a7f1b2db1d0558c760
child 258578 bc5f089773b9f58b6913592df27d86aee8e4cb97
push id4700
push userryanvm@gmail.com
push dateTue, 21 Apr 2015 23:53:16 +0000
treeherdermozilla-beta@d27c9211ebb3 [default view] [failures only]
reviewerscviecco, akeybl
bugs929068
milestone25.0
bug 929068 - pref-off OCSP stapling due to site failures r=cviecco a=akeybl
netwerk/base/public/security-prefs.js
security/manager/ssl/src/nsNSSComponent.cpp
--- a/netwerk/base/public/security-prefs.js
+++ b/netwerk/base/public/security-prefs.js
@@ -7,17 +7,17 @@ pref("security.tls.version.max", 1);
 pref("security.enable_tls_session_tickets", true);
 pref("security.enable_md5_signatures", false);
 
 pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
 pref("security.ssl.renego_unrestricted_hosts", "");
 pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
 pref("security.ssl.require_safe_negotiation",  false);
 pref("security.ssl.warn_missing_rfc5746",  1);
-pref("security.ssl.enable_ocsp_stapling", true);
+pref("security.ssl.enable_ocsp_stapling", false);
 pref("security.ssl.enable_false_start", false);
 pref("security.ssl.false_start.require-npn", true);
 pref("security.ssl.false_start.require-forward-secrecy", false);
 
 pref("security.ssl3.rsa_rc4_128_md5", true);
 pref("security.ssl3.rsa_rc4_128_sha", true);
 pref("security.ssl3.rsa_fips_des_ede3_sha", true);
 pref("security.ssl3.rsa_des_ede3_sha", true);
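Review bot: The flipped default on `security.ssl.enable_ocsp_stapling` carries no comment recording why stapling is off or what must be resolved before it is turned back on. A temporary security pref-off like this tends to outlive its reason if the file does not say so. I would add a line above the pref such as `// OCSP stapling disabled by default because of site failures (bug 929068); re-enable once those are resolved.` With stapling off, revocation status presumably depends on client-initiated OCSP alone. The defaults visible in nsNSSComponent.cpp (`OCSP_REQUIRED_DEFAULT 0`) suggest that check is not mandatory, so the note should also say this is a deliberate trade-off.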
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -886,17 +886,17 @@ setNonPkixOcspEnabled(int32_t ocspEnable
 
 #define CRL_DOWNLOAD_DEFAULT false
 #define OCSP_ENABLED_DEFAULT 1
 #define OCSP_REQUIRED_DEFAULT 0
 #define FRESH_REVOCATION_REQUIRED_DEFAULT false
 #define MISSING_CERT_DOWNLOAD_DEFAULT false
 #define FIRST_REVO_METHOD_DEFAULT "ocsp"
 #define USE_NSS_LIBPKIX_DEFAULT false
-#define OCSP_STAPLING_ENABLED_DEFAULT true
+#define OCSP_STAPLING_ENABLED_DEFAULT false
 
 // Caller must hold a lock on nsNSSComponent::mutex when calling this function
 void nsNSSComponent::setValidationOptions(nsIPrefBranch * pref)
 {
   nsNSSShutDownPreventionLock locker;
   nsresult rv;
 
   bool crlDownloading;
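Review bot: `OCSP_STAPLING_ENABLED_DEFAULT` duplicates the default of `security.ssl.enable_ocsp_stapling` in security-prefs.js, and nothing in the hunk ties the two together. This commit has to change both by hand, so a later re-enable that touches only one file would leave the compiled-in value (presumably the fallback when the pref cannot be read) disagreeing with the shipped pref. I would add a comment on the macro such as `// Keep in sync with security.ssl.enable_ocsp_stapling in security-prefs.js (bug 929068).` The body of setValidationOptions continues outside the hunk, so how the macro is consumed is not visible here.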