
Maybe Enable OCSP stapling

from elise.toradin@web.de on tbb-dev:

Hi, sadly I noticed that OCSP (security.OCSP.enabled) is still enabled in the latest TBB. I hope you are all aware that this data is sent unencrypted and can be used by CAs to track users.

OCSP Stapling has been a common feature of web servers since 2017, so I suppose we should rely on that instead?

Firefox is configured to use OCSP Stapling by default, but I still see an unencrypted OCSP connection for every https:// connection.

security.ssl.enable_ocsp_stapling = true
security.ssl.enable_ocsp_must_staple = true
security.OCSP.enabled = 0

Best Regards,

Elise

@ma1, @thorin thoughts on this?

Edited by morgan