dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1010
share rss forum feed

floydb1982

join:2004-08-25
Kent, WA

Switch off OCSP for faster website load times

Click for full size
1. Visit the about:config URL in Firefox
Click for full size
2. Click the ll be careful, I promise button.
Click for full size
3. Search for OSCP in the Filter search field
Click for full size
4. Double click anywhere on that line and change the 1 to a 0. Then click OK or press Return.
After Comcast enabled dual stack IPv6 on there network in my area websites are now taking 2x longer to load up. Her is trick that you can do in Firefox that will make websites load faster than ever before.


timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL

And you have turned off an important Firefox security feature:

»blog.mozilla.org/security/2013/0···firefox/

Tim


floydb1982

join:2004-08-25
Kent, WA

By disabling the Online Certificate Status Protocol in Firefox Websites are now loading faster than the speed of light. Keeping the Online Certificate Status Protocol enabled makes websites load slower than the speed of a snail.



Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink

said by floydb1982:

By disabling the Online Certificate Status Protocol in Firefox Websites are now loading faster than the speed of light. Keeping the Online Certificate Status Protocol enabled makes websites load slower than the speed of a snail.

You have a different problem, then. Most people leave the default and do not have the issue you're having.
--
If you can't open it, you don't own it.

floydb1982

join:2004-08-25
Kent, WA

How do you know you don't have the problem unless you try this out???


evoxllx

join:2007-06-07
Winter Park, FL

2 edits

1 recommendation

reply to timcuth

said by timcuth:

And you have turned off an important Firefox security feature:

»blog.mozilla.org/security/2013/0···firefox/

Tim

There is nothing "secure" about OCSP. It's a pointless and easily bypassed feature in outdated web browsers.

It actually has a number of drawbacks as well, other than being pointless.

- If the OCSP server happens to be down (happens a lot), this will cause long delays in page loads and possibly complete downtime.
- The CA that runs the OCSP server(s) will have the IP address and domain visited for every HTTPS site, assuming that visitor is using a browser with OCSP enabled.

So basically, you're sacrificing your privacy, reliability and performance for something that is pointless.

Also, OCSP stapling is a bust. It actually hurts performance due to the initial packets being much larger and was implemented badly, since it doesn't support stapling of the entire cert chain.

Currently, the best method of revocation checking is what Chrome does with crlsets.

»www.imperialviolet.org/2012/02/0···ets.html


timcuth
Braves Fan
Premium
join:2000-09-18
Pelham, AL
Reviews:
·Charter
·AT&T Southeast

Ok. You know a lot more about it than I. However, after reading that article, it would seem more prudent to switch from Firex to Chrome than to turn off the feature completely in Firefox.

Tim
--
"Life is like this long line, except at the end there ain't no merry-go-round." - Arthur on The King of Queens
~ Project Hope ~