Presumably, there is some kind of way I can work around it, I saw something about clearing the cache because of stored failures of handshaking, but it seems like on the whole maybe it is time to start fuckin’ with Peertube or something instead.
Presumably, there is some kind of way I can work around it, I saw something about clearing the cache because of stored failures of handshaking, but it seems like on the whole maybe it is time to start fuckin’ with Peertube or something instead.
The fact that not every application that uses TLS certificates does this blows my mind. Certificate revocation should be a valid tool to deal with the compromise of cryptographic credentials, but if applications don’t check, then they’re opening themselves (and their users) up to a security vulnerability.
Honestly, the chain of trust model for TLS certificates is just broken from top to bottom in practice. It’s sort of along the lines of “anyone could walk past the building / into the apartment building basement and start flipping switches or fucking things up with the HVAC system” / “paper checks can be forged by anyone who cares” type of thing: It’s mostly just that no one cares enough to exploit the problems with it. But yeah, for anyone who takes seriously things like CA root certificates staying secure and is bothered when they’re not, they basically spend their entire time that is thinking about it being bothered by it, because right now it’s all broken.