Opera 12.17 no longer works with https for me

bluejeans

bluejeans

Great news! Thanks, folks! There's still a little life left in The Real (Presto-based) Opera!

Now that I've updated to 12.18, what do you suggest I should do with the security settings?

TLS 1.1, TLS 1.2 - disable/enable? OCSP Validate Certificates?

sgunhouse

sgunhouse Moderator Volunteer

Need TLS 1.1 and 1.2 for sure, no idea on the validation.

blackbird71

blackbird71

I'd suggest disabling the OCSP validation, at least if it causes excessive CPU usage. See my May 2015 post above for some OCSP details: https://forums.opera.com/post/76110

Only if Opera's CRL lookup process is failing for some reaon or goes unsupported by Opera would one necessarily need to use the alternative OCSP option. Both CRL and OCSP are look-up processes to check if a security certificate on the system or browser has been revoked for some reason (cert hacking or counterfeiting being two such reasons).

bluejeans

bluejeans

So I've enabled TLS 1.1 and 1.2. Additionally, I've turned on SSL3 too (it was off). I've left OCSP validation off. Thanks for the helpful and quick replies!

rseiler

rseiler

Though OCSP=0 is what caused the excessive CPU usage for me back then. I haven't disabled it again since then.

blackbird71

blackbird71

Though OCSP=0 is what caused the excessive CPU usage for me back then. I haven't disabled it again since then.

Ahh... I apparently missed that somehow and got your experience backwards. In any case, one can always try it either way and see what happens, remembering to reverse the setting and try again if it creates an issue.

blackbird71

blackbird71

So I've enabled TLS 1.1 and 1.2. Additionally, I've turned on SSL3 too (it was off). I've left OCSP validation off. Thanks for the helpful and quick replies!

I would be cautious about enabling SSL3 unless/until you encounter a site you must use that requires it - and then only for that site if the site security isn't that critically needed. SSL3 is now considered a weak or exploitable protocol, in particular regarding "Poodle" attacks that started a year or so ago. See: https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols#POODLE_:_SSLv3_harmful

bluejeans

bluejeans

@blackbird71 Aha, nice of you to warn me. I remember incorrectly, and thought the exploit was for SSL2.

@rseiler As for OCSP, I suppose I'll turn it on and see if the CPU spikes less or more than what I'm used to.

Great forum!

A Former User

"Since this thread was bumped anyway, all of the above problems were solved with 12.18."

The https blockade problem? No, it is still there (or again?).

sgunhouse

sgunhouse Moderator Volunteer

Example?

A Former User

Example?

Maybe I made an error: now, when I test it, 12.18 does not block the https sites which I tested.

A Former User

If it happens again, heed which sites were open in other tabs, then the site(s) (and page) where the problem occurs, plus your current browser settings - if you change some. It might be a temporary setting - like Turbo on/off, or show/don't show images... Besides, your current connection specs may be changing...
Which type of internet connection are you on generally?