Https/ssl certificates



  • Hi; Do you intend to implement the certificate revocation detection? The browser should not display the grc.com test page: https://revoked.grc.com. Attached: browser response to the previous url. Thanks



  • @sgordon:

    Hi;
    Do you intend to implement the certificate revocation detection? The browser should not display the grc.com test page: https://revoked.grc.com.
    Attached: browser response to the previous url.
    Thanks

    Quote from Steve Gibson:

    _The Firefox browser currently leads the industry in certificate revocation checking security. It incorporates its own mature internal technology and Firefox checks for revocation by default (thus protecting all users). And it does this on every operating system platform.

    Google's Chrome browser is the least certificate-secure browser on the Internet. It puts speed before security, so it is the only browser on the Internet to disable certificate checking by default._
    --------------------

    Opera 29 Developer does check for certificate revocation and so does Maxthon.



  • OK for Opera 29, but what about the new Vivaldi browser? It displays the grc test page. Therefore there is no checking yet.



  • @sgordon:

    OK for Opera 29, but what about the new Vivaldi browser? It displays the grc test page. Therefore there is no checking yet.

    Correct. So Vivaldi devs are behind the pack on security.



  • After some proper digging I've managed to get Vivaldi to do OCSP lookups, in spite of Google trying to make it borderline impossible. The checkbox was removed from Chrome some time ago (see Chrome "bug" report).

    But by creating a JSON file in /etc/chromium/policies/managed with the content:

    ```
    { "EnableOnlineRevocationChecks" : true }
    ```
    the setting gets enabled. See http://www.chromium.org/administrators/policy-list-3 for possible policies. By strace-ing vivaldi I found it to be trying to access a file named "Policy/User Policy" in the user's Vivaldi profile (~/.config/vivaldi{,-snapshot}/Default), but I assume that's supposed to be an SQLite db, not JSON. There might still be some way to make the setting for the user, but the system-wide method is the only one I've found to work.
    Hopefully the Vivaldi team will do as the Opera guys, and enable it by default, or, preferably, make it a visible option in the browser.
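
Added example, not part of the post above: a Python check that audits the system-wide policy directory named in the post and reports whether `EnableOnlineRevocationChecks` is actually set to a boolean `true` there. The function name, the `*.json` filename filter and the file-permission check are assumptions of this example.

```python
import json
from pathlib import Path

# Policy name and directory are the ones given in the post.
POLICY = "EnableOnlineRevocationChecks"
MANAGED_DIR = Path("/etc/chromium/policies/managed")

def audit_policy_dir(directory=MANAGED_DIR, policy=POLICY):
    """Return (settings, problems) for the policy files in `directory`.

    settings: {filename: value} for files that set the policy to a boolean
    problems: findings such as invalid JSON, wrong type, loose permissions
    """
    settings, problems = {}, []
    directory = Path(directory)
    if not directory.is_dir():
        return settings, [f"{directory}: directory missing, no managed policy"]
    # Assumption: policy files are named *.json, as in the post.
    for path in sorted(directory.glob("*.json")):
        # A file writable by non-owners lets other users flip the setting back.
        if path.stat().st_mode & 0o022:
            problems.append(f"{path.name}: group/world writable")
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            problems.append(f"{path.name}: unreadable or invalid JSON ({exc})")
            continue
        if not isinstance(data, dict):
            problems.append(f"{path.name}: top level is not a JSON object")
            continue
        if policy in data:
            value = data[policy]
            if isinstance(value, bool):
                settings[path.name] = value
            else:
                # e.g. the string "true" instead of the JSON boolean true
                problems.append(
                    f"{path.name}: {policy} is {type(value).__name__}, expected boolean")
    if len(set(settings.values())) > 1:
        problems.append(f"conflicting values for {policy}: {settings}")
    if True not in settings.values():
        problems.append(f"{policy} is not set to true in any file")
    return settings, problems

if __name__ == "__main__":
    found, issues = audit_policy_dir()
    print("settings:", found)
    for issue in issues:
        print("problem:", issue)
```

After the check passes, the browser's `chrome://policy` page shows whether the running instance picked the policy up.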

