Forum der Gemeinschaft Firefox

Subject: OCSP Must-Staple Behavior Observations in Firefox (Including iOS Platform)

Dear Firefox Team,

We have been conducting tests involving certificates with the OCSP Must-Staple extension and would like to share several observations regarding Firefox’s behavior across different platforms:

General Compliance with Must-Staple: On most platforms, Firefox correctly enforces the Must-Staple extension. That is, if a certificate includes the Must-Staple flag and the web server fails to provide a stapled OCSP response, the connection is appropriately terminated.

Unexpected Behavior on iOS: However, we have observed that Firefox on iOS does not appear to enforce this requirement consistently. Even when the server does not provide a stapled OCSP response, the browser still establishes the TLS connection. We are unsure whether this is due to platform limitations or an implementation inconsistency.

Redundant OCSP Requests Despite Stapling: Additionally, we found that Firefox still initiates an OCSP request even when a valid stapled response has already been provided by the server. This behavior not only degrades performance but may also introduce privacy concerns, it contrary to the original privacy and efficiency goals of OCSP Stapling.

hey i cant seem to figure out why the tab for the ai chat bot on the left hand side of the screen can not access my microphone.. i like to use google gemini and my microphone registers fine if i go directly to geminis website in my fire fox browser. but when i use the integrated tab on firefox it will not register my mic

Hi there , mozilla . I am finding it difficult to stay logged in in my AI chatbots provided in the sidebar by firefox with the strict mode enabled . Please help me