Firefox OCSP policy

As far as I know, OCSP checking is enabled by default in Firefox and the default timeout is 2000ms.

I am interested to know whether the request is blocking call, ie: the page load halts before the OCSP response(s) are at hand.

Furthermore, which files should I edit to 1) disable OCSP checking, 2) Increase the timeout value of OCSP checking.
P.S. I am building Firefox on Linux using this manual:

I believe you can view the relevant preferences this way:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.

(2) In the search box in the page, type or paste security.ocsp and pause while the list is filtered

Firefox should show at least:

  • security.OCSP.enabled [0=do not check; 1=check all (default); 2=check EVSSL Certs only]
  • security.OCSP.require [default is false; lack of OCSP server response does not block]
  • security.OCSP.timeoutMilliseconds.hard
  • security.OCSP.timeoutMilliseconds.soft

As for where they are set in the original code, you could search your source files.

Regarding what is blocked, if the server supports OCSP stapling, Firefox does not need to perform an OCSP lookup, so I think it would be unusual to have much delay.