by psykovsky 4436 days ago
That is simply not true. Firefox does hard-fail with the default settings.

I'm sure it doesn't. I just checked Options -> Advanced -> Certificates -> Revocation, and it's not checked by default.
And I'm sure you are wrong. I only see a Validation option (not Revocation), which has 2 more options on how to check OCSP, and those are both checked using the defaults. The correct path on my OS is Edit -> Preferences -> Advanced -> Certificates -> Validation -> OCSP options (both checked).
I think you've altered your settings at some point. It's not the default.

You would see a huge influx of Bugzilla entries of "Firefox is broken" if hard fail was the default.

edit: the checkbox in the validation subdialog (ocsp.xul) is tied to security.OCSP.require, which is set here with a default of false in the Firefox source: http://dxr.mozilla.org/mozilla-central/source/netwerk/base/p...

> I think you've altered your settings at some point. It's not the default.

I think some extension or some other thing changed them for me. I don't remember ever opening the OCSP dialog until now :/

I just checked, and the checkbox for enabling hard-fail is unchecked with my default Firefox settings.
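
Added example (not part of the thread and not Mozilla code): a small Python check that reads a profile's `prefs.js` text and reports whether `security.OCSP.require` has been changed from the default of false cited above, which is how a setting altered by an extension or an earlier edit would show up. The function names and the sample profile contents are constructed for illustration.

```python
import json
import re

# Default as cited in the thread: security.OCSP.require ships as false.
DEFAULTS = {"security.OCSP.require": False}

# A profile's prefs.js records user-set values as lines of the form
#   user_pref("name", value);
USER_PREF = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)

def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in the text."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments, blank lines, anything unrecognised
        name, raw = m.group(1), m.group(2)
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, "strings"
        except ValueError:
            prefs[name] = raw  # keep the raw text if it is not JSON-like
    return prefs

def ocsp_hard_fail_status(prefs_text):
    """Report the effective hard-fail setting and whether the profile set it."""
    name = "security.OCSP.require"
    prefs = parse_prefs(prefs_text)
    value = prefs.get(name, DEFAULTS[name])
    return {"hard_fail": value is True, "overridden_in_profile": name in prefs}

# Constructed sample profiles (not taken from a real installation).
SAMPLE_ALTERED = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.OCSP.require", true);
'''
SAMPLE_DEFAULT = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for label, text in (("altered", SAMPLE_ALTERED), ("default", SAMPLE_DEFAULT)):
        print(label, ocsp_hard_fail_status(text))
```
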