---

Firefox 37 Feature to Improve SSL/TLS Certificate Security

Today, all modern Web browsers already use the Online Certificate Status Protocol (OCSP) to check with certificate authorities on whether a given site certificate is valid. The new OneCRL effort is not intended to immediately replace OCSP.

“Firefox 37 will continue to support OCSP; it will check both OCSP and OneCRL when evaluating a certificate,” Mark Goodwin, application security engineer at Mozilla, told eWEEK. “As we gain more experience with OneCRL, we will look into disabling OCSP for certificates covered by OneCRL, but we are not taking that step today.