4.3 Set OCSP Use Policy

Information

This setting dictates whether Firefox will leverage Online Certificate Status Protocol (OCSP) to determine if a given certificate has been revoked.

Rationale:

Leveraging OCSP may help identify revoked certificates.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration, set security.OCSP.enabled to 1:

Type about:config in the address bar

Type security.OCSP.enabled in the filter

Ensure the setting is set as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('security.OCSP.enabled', 1);

Note: Configuring this setting to 2 also conforms with this benchmark.

Default Value:

1

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1.

Plugin: Unix

Control ID: 9377f3ee531825728c02dc55972cadd978daf1dedaa75953a7110a66e48d0453