On Wed, 21 Jun 2017 10:40:01 -0700 (PDT) Matthew Hardeman via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Through a little Google digging, I find numerous comments and > references from well informed parties going back quite several years > lamenting the poor state of support of OCSP stapling in both Apache > HTTPD and NGINX. I'm well aware of the rising power that is Caddy, > but it's not there yet. The whole ecosystem could be greatly helped > by making the default shipping versions of those two daemons in the > major distros be ideal OCSP-stapling ready. There is some movement here for apache, see discussion over at the apache dev list: https://lists.apache.org/thread.html/1a61e9dfbd685c4102b097e8189bccb7d5da39bf9f32fcbe7407a760@%3Cdev.httpd.apache.org%3E I'm slightly optimistic that we'll have a better stapling implementation in apache soon. Also CII is interested in funding efforts that improve the state of ocsp stapling. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy