
> Certificate revocation does not work.

I have to second this. Just days after the Heartbleed disaster struck, my Firefox (v24; Debian "Iceweasel") sometimes takes more than 30 minutes (!) to load SSL-encrypted websites, as it first downloads some 50MB of CRLs from ocsp.comodoca.com (verified what it is doing using tcpdump). Disabling OCSP certificate checks fixes the problem.

I haven't encountered the issue under Ubuntu 12.04; maybe newer Firefoxes have some timeouts built in, or the certificate database works faster on my Ubuntu PC (the Debian system uses NFS, which may slow down the sqlite database a lot).

This is like a single point of failure designed into a protocol. Unbelievable.


