Microsoft sites throwing OCSP Errors with Firefox (docs.microsoft.com)
16 points by Severian on Dec 14, 2021 | 9 comments


Firefox seems to be a really second class citizen across all of Microsoft's web properties. Stuff just randomly breaks, or isn't implemented, and the solution is to use Chrome or Edge.


You could find some irony in Microsoft not supporting software that fails to implement modern security but this really is Firefox’s problem, not Microsoft’s.


No, it's definitely Microsoft's broken code. Earlier today Teams told me angrily to use Chrome, when I was, in fact, using Chrome.


I tend to like all the 'Your browser is not supported' codswallop. They promote Edge beyond any reasonable measure.


8 year old issue suddenly getting lots of attention :)

https://bugzilla.mozilla.org/show_bug.cgi?id=966856


I am not sure who's to blame here.

I understand Microsoft's reason here, SHA-1 is not suitable for OCSP requests (because it's a cryptographic-sensitive matter), and SHA-256 hashes for OCSP have already been standardised. On the other hand, there's no signalling that Microsoft, or indeed any PKI/CA operator, to switch to SHA-256 (except for the tenuous case of Microsoft announcing that it'll migrate to SHA-2 for all its cryptographic systems).


I'd say it's on Firefox.


FWIW the solution is to disable OCSP support in Firefox. Not exactly best practice security-wise (how are you going to know the certificate is revoked?), but will let you access the problematic Microsoft sites again.

Go to "about:config". Change security.ssl.enable_ocsp_stapling to false.


xbox.com, windows.com and microsoft.com did this for me yesterday, and are still doing it. Works fine in Chromium, strangely enough. Looks like someone broke something in the web server.



