From MozillaWiki
Jump to: navigation, search
This page has been archived and its contents may be out of date.
  • We reject responses with negative Content-Length; Chrome accepts them and ignores the Content-Length (apparently).
  • Chrome implements TLS False Start; we do not
  • Chrome does heuristic cache validation for resources with query strings in their URI; we do not.
  • MSIE requires that a successful connection to the server be made before it will use an HTTPS cache entry; we do not. I don't know what Chrome does here.
  • Our SSL CA certificate database is basically a subset of Windows' and Mac OS X's, so our users are probably more likely to encounter certificate error pages unnecessarily.
  • I have heard that different browsers are handling DNS pinning in different ways, but I haven't investigated it yet.
  • MSIE implements TLS 1.1 and TLS 1.2, but we do not.
  • Safari (on iPhone only?) implements an often-effective (but not always-effective) captive portal detection mechanism. Windows also implements a captive portal detection mechanism (that we should probably integrate with, if possible). We do not have any effective captive portal detection.
  • Other browsers implement persistent OCSP caches, but we do not (for various reasons).
  • Other browsers have more robust certificate chain processing; ours gets confused in some common situations.
  • Chrome implements origin-bound cookies and channel-bound cookies; no other browsers do, but at least the concept seems like a good idea.