4.6 Set OCSP Response Policy

Information

This setting dictates whether Firefox will consider a given certificate to be invalid if Firefox is unable to obtain an Online Certificate Status Protocol (OCSP) response for it.
Requiring an OCSP response will reduce an adversary's ability to successfully leverage a compromised and revoked certificate.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following lines to mozilla.cfg:

lockPref("security.ocsp.require", true);

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a)

Plugin: Unix

Control ID: 53eadf02c69d8f4e909ecb207568d7663fc4df52017c18d2d6bf5a11900972cd