
Chrome to stop checking SSL revocations


In an attempt to make Chrome even faster, Google will no longer check whether a website's SSL certificate has been revoked. Currently, if a CA (certificate authority) server is down, the check cannot be performed; the browser treats this as a soft-fail and continues to load the page. An attacker trying to intercept a secure connection can make it seem as if the server is down, so the browser continues to load the page even if it is not secure.

"An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," a Google security engineer said in a blog post.

"So soft-fail revocation checks are like a seat-belt that snaps when you crash... Even though it works 99% of the time, it's worthless because it only works when you don't need it."

The certificate check takes around 300ms and delays the loading of a page, precious time when Microsoft and Mozilla are right behind you.
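
The soft-fail behaviour described above, modelled as an added example (not code from Chrome or from the original article), with a hard-fail policy beside it for comparison. The responder functions, serial numbers and policy names are constructed for illustration.

```python
from enum import Enum

class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"

class Policy(Enum):
    SOFT_FAIL = "soft-fail"   # behaviour the article describes
    HARD_FAIL = "hard-fail"   # stricter alternative, shown for comparison

# Constructed revocation data held by the hypothetical CA responder.
REVOKED_SERIALS = {"0xBAD"}

def ca_responder(serial):
    """Reachable responder: answers from the CA's revocation data."""
    return Status.REVOKED if serial in REVOKED_SERIALS else Status.GOOD

def unreachable_responder(serial):
    """Responder that is down, or whose traffic never arrives."""
    raise TimeoutError("no revocation response")

def accept_certificate(serial, responder, policy):
    """Return (accepted, reason) for one online revocation check."""
    try:
        status = responder(serial)
    except (TimeoutError, ConnectionError):
        # The two policies differ only in this branch.
        if policy is Policy.SOFT_FAIL:
            return True, "no answer, treated as not revoked"
        return False, "no answer, connection refused"
    if status is Status.REVOKED:
        return False, "revoked"
    return True, "good"

def outcome_table():
    """Evaluate every policy / responder / certificate combination."""
    responders = (("reachable", ca_responder),
                  ("unreachable", unreachable_responder))
    rows = {}
    for policy in Policy:
        for name, responder in responders:
            for serial in ("0xBAD", "0x600D"):
                accepted, _ = accept_certificate(serial, responder, policy)
                rows[(policy.value, name, serial)] = accepted
    return rows

if __name__ == "__main__":
    for key, accepted in outcome_table().items():
        print(*key, "->", "accept" if accepted else "reject")
```

Under soft-fail the revoked serial is rejected only while the responder answers; under hard-fail it is always rejected, but a valid certificate is also refused whenever the responder is unreachable.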
