Only Firefox is safe post-Heartbleed

May 12, 2014 00:00 · 122 words · 1 minute read link security

Steve Gibson has a nice round-up where he explains how certificate revocation works and why Chrome's and Chromium's certificate revocation scheme doesn't work. I recommend reading both Steve Gibson's article An Evaluation of the Effectiveness of Chrome's CRLSets and Adam Langley's, in my opinion a bit misplaced, answer Revocation still doesn't work.

How to be safe

  1. Use Firefox until Chrome is fixed.

  2. In Firefox enable hard fail on OCSP errors.

    Go to Preferences > Advanced > Certificates > Validation.

    Check "When an OCSP server connection fails, treat the certificate as invalid".
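
To confirm the setting on a profile without opening the UI, the following added example (not part of the original post) parses the text of a Firefox `prefs.js` or `user.js` file and reports the OCSP mode. The checkbox corresponds to the `security.OCSP.require` preference, and `security.OCSP.enabled` controls whether OCSP is queried at all; the default values and the sample preference text are assumptions constructed for illustration.

```python
import re

# Matches active lines such as: user_pref("security.OCSP.require", true);
# Commented-out lines (// ...) do not match because of the line-start anchor.
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M
)

# Assumed defaults for a stock profile: OCSP is queried, failures are ignored.
DEFAULTS = {"security.OCSP.enabled": "1", "security.OCSP.require": "false"}


def parse_prefs(text):
    """Return {pref name: raw value}; a later line overrides an earlier one."""
    prefs = {}
    for name, value in PREF_RE.findall(text):
        prefs[name] = value
    return prefs


def ocsp_mode(prefs_text):
    """Classify a profile as 'disabled', 'soft-fail' or 'hard-fail'."""
    prefs = {**DEFAULTS, **parse_prefs(prefs_text)}
    if prefs["security.OCSP.enabled"] == "0":
        return "disabled"  # no revocation check is made at all
    if prefs["security.OCSP.require"] == "true":
        return "hard-fail"  # unreachable responder => certificate rejected
    return "soft-fail"  # unreachable responder => certificate accepted


# Constructed sample profiles (not taken from a real machine).
SAMPLE_HARD = '''
user_pref("browser.startup.page", 3);
user_pref("security.OCSP.require", true);
'''
SAMPLE_COMMENTED = '// user_pref("security.OCSP.require", true);\n'
SAMPLE_DISABLED = (
    'user_pref("security.OCSP.enabled", 0);\n'
    'user_pref("security.OCSP.require", true);\n'
)

if __name__ == "__main__":
    for label, text in [("hard", SAMPLE_HARD), ("commented", SAMPLE_COMMENTED),
                        ("disabled", SAMPLE_DISABLED)]:
        print(label, "->", ocsp_mode(text))
```

Pass the contents of `prefs.js` followed by `user.js` as one string, since `user.js` entries are applied last and override earlier values.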
