Hacker News new | ask | show | jobs
by BuildTheRobots 4450 days ago
Not getting involved in the politics of being charged for revocations/re-keying, however it's worth pointing out that Google Chrome (linux and windows, and Chromium) all seem to have the "Check for server certificate revocation" option disabled by default.
1 comments
Karunamon 4450 days ago
In my experience, enabling it causes strange behavior with some plugins and even Chrome itself at some times. If the CRL check fails, related secure connections will fail with no notification.

This led to a bit of problem with a proxy server at work. A filter update blocked the CRL link, and suddenly nobody in my office could sign into their Chrome browsers. You'd hit "log in", it would appear to work, but nothing happens. An error saying that CRL checks were at fault would have saved a great deal of time....

link
BuildTheRobots 4449 days ago
Interesting; thank you for the warning -This explains some of the oddness I've been having this morning after enabling it last night.

I went an checked firefox too which does check CRLs as default but doesn't silently fail if it can't check them (it's a separate tickbox)

link