Can you please fix the following typo in the ticket:
 
"..use OCSP Stabling by default.."
 
which you copied from me.
 
Sorry, but I am kind of a perfectionist, my thoughts kind of don't have an off button.
 
Regards,
Elise
 
Gesendet: Dienstag, 23. August 2022 um 16:18 Uhr
Von: "Richard Pospesel" <pospeselr@riseup.net>
An: tbb-dev@lists.torproject.org
Betreff: Re: [tbb-dev] Data Leak: Disable old, unencrypted OCSP verification in TBB.
opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41115

On 8/23/22 16:01, elise.toradin@web.de wrote:
> Hi, sadly I noticed that OCSP (security.OCSP.enabled) is still enabled in the latest TBB, I hope you
> are all aware that this data is sent unencrypted and can be used by CA's to track users.
> OCSP Stapling has been a common feature of web servers since 2017, so I suppose we should rely on
> that instead?
> Firefox is configured to use OCSP Stabling by default, but I still see an unencrypted OCSP
> connection for every https:// connection.
> security.ssl.enable_ocsp_stapling = true
> security.ssl.enable_ocsp_must_staple = true
>
>  security.OCSP.enabled = 0
> Best Regards,
> Elise
>
> _______________________________________________
> tbb-dev mailing list
> tbb-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
_______________________________________________
tbb-dev mailing list
tbb-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev