this post was submitted on 31 Jul 2025
44 points (92.3% liked)

Privacy

2065 readers
42 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
44
It happened today: Youtube no longer works on Librewolf for me. (infosec.pub)
submitted 2 days ago by PhilipTheBucket@quokk.au to c/privacy@programming.dev
20 comments fedilink hide all child comments
 

Presumably, there is some kind of way I can work around it, I saw something about clearing the cache because of stored failures of handshaking, but it seems like on the whole maybe it is time to start fuckin' with Peertube or something instead.

you are viewing a single comment's thread
view the rest of the comments
[–] kyub@discuss.tchncs.de 9 points 2 days ago* (last edited 2 days ago) (3 children)

Doesn't have to mean much at all: https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do

Since I also get these from time to time with similar setups, I usually just switch browsers temporarily (after some time it will probably work again). Since my setup uses 3 browsers regularly, it's no big deal for me. It also rarely occurs so it's only very mildly annoying. As usual, with a more secure setup you will automatically get a couple of usability issues as well. Can't change that, it's like a law of physics. If it annoys you too much, you have to disable this security feature in the browser settings.

[–] ignirtoq@fedia.io 6 points 2 days ago (1 children)

We enable OCSP in hard-fail mode, meaning that if the revocation status of a certificate cannot be verified because the CA cannot be reached, then it will be treated as broken.

The fact that not every application that uses TLS certificates does this blows my mind. Certificate revocation should be a valid tool to deal with the compromise of cryptographic credentials, but if applications don't check, then they're opening themselves (and their users) up to a security vulnerability.

[–] PhilipTheBucket@quokk.au 2 points 2 days ago

Honestly, the chain of trust model for TLS certificates is just broken from top to bottom in practice. It's sort of along the lines of "anyone could walk past the building / into the apartment building basement and start flipping switches or fucking things up with the HVAC system" / "paper checks can be forged by anyone who cares" type of thing: It's mostly just that no one cares enough to exploit the problems with it. But yeah, for anyone who takes seriously things like CA root certificates staying secure and is bothered when they're not, they basically spend their entire time that is thinking about it being bothered by it, because right now it's all broken.

load more comments (1 replies)