On 2016-09-06 10:13, Nick Lamb wrote:
Quality of implementation for OCSP stapling seems to remain poor in at least apache and nginx, two of the most popular servers. Apache's in particular gives me that OpenSSL "We read this standards document and implemented everything in it as a series of config options without any understanding" feeling, rather than Apache's maintainers taking it upon themselves to figure out what will actually work best for most servers and implementing that.
If you think there is something we can do in OpenSSL to improve this, please let us know.
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy