Why does Firefox makes an http request to ietf.org even when in HTTPS-only mode? (OCSP related)
When in HTTPS-only mode and the "Query OCSP responder servers" settings is enabled, Firefox makes an http request on port 80 to ietf.org.
details:
- HTTPS-only mode on, OCSP on:
- go to http://ietf.org/
- requests are made to:
ocsp.starfieldtech.com ietf.org ocsp.digicert.com
- HTTPS-only mode on, OCSP on:
- go to https://ietf.org/
- requests are only made to:
ocsp.starfieldtech.com ocsp.digicert.com
why is this? (Firefox 103 on macOS 10.15)
When in HTTPS-only mode and the "Query OCSP responder servers" settings is enabled, Firefox makes an http request on port 80 to ietf.org.
details:
* HTTPS-only mode on, OCSP on:
* go to '''http'''://ietf.org/
* requests are made to:
ocsp.starfieldtech.com
ietf.org
ocsp.digicert.com
* HTTPS-only mode on, OCSP on:
* go to '''https'''://ietf.org/
* requests are only made to:
ocsp.starfieldtech.com
ocsp.digicert.com
why is this?
(Firefox 103 on macOS 10.15)
所有回复 (2)
(ignore this post)
由n0u355lo于修改
The server at http://ietf.org returns a 302 redirect to https://www.ietf.org/ so I'm not sure whether HTTPS-Only causes anything different to happen there.
There probably is a diagram somewhere showing the exact request flow for HTTPS-Only mode and whatever implications OCSP might have.