What is Firefox request to ocsp.int-x3.letsencrypt.org and similar

jasom · January 16, 2018, 3:21pm

When I test speed in Firefox, there are some strange requests tied with SSL certificate at the beginning of the waterfall:

[list]
[]ocsp.int-x3.letsencrypt.org when cert issuer is Let’s encrypt
[]ocsp.globalsign.com/rootr2 and ocsp.comodoca.com when issuer is Globalsign (nginx.com) WebPageTest - Running web page performance and optimization tests...
[/list]

But it isn’t always present in waterfall. For example site troyhunt.com (Comodo is cert issuer) has no such request: WebPageTest Test - WebPageTest Details

May somebody explain me what it is? Can I somehow reduce these requests? Why chrome doesn’t do such requests?

andydavies · January 16, 2018, 9:06pm

It’s the check as to whether a certificate has been revoked or not - Online Certificate Status Protocol or OCSP for short

Different browsers have different rules as to if and when they check them.

A technique called OCSP Stapling will remove them, which needs to be configured for the root domain on your server, third-parties need to be configured on their own servers / CDNs

jasom · January 17, 2018, 10:13am

That it was, so I have enabled OCSP Stapling on all my servers, thank you.

Topic		Replies	Views
Additional request in Firefox Discuss Test Results	1	87	December 29, 2015
Show OCSP Connection? Support	3	97	March 31, 2014
OCSP Stapling Optimization Discussions	1	118	February 27, 2015
OCSP revocation check despite stapled response Discuss Test Results	4	147	April 13, 2018
OCSP stapling only partial ? Discuss Test Results	1	148	July 20, 2019

What is Firefox request to ocsp.int-x3.letsencrypt.org and similar

Related Topics