On Wednesday 09 Feb 2011 09:39:36 Rob Stradling wrote: > On Wednesday 05 Jan 2011 10:03:19 Rob Stradling wrote: > > On Friday 24 December 2010 16:24:03 Igor Galić wrote: > > <snip> > > > > > If we want to see more extensive testing in the field, > > > then this is the right time to make 'On' the default. > > > > Steve, has Igor persuaded you? > > I was hoping to generate a bit more discussion and to reach consensus on > the "when" question here on-list, but never mind. > > I've just filed "Bug 50740 - Enable OCSP Stapling by default".
On a related note, I've also just filed "Bug 50742 - Detect when the OpenSSL runtime library is vulnerable to CVE-2011-0014". I think it makes sense to *not* enable OCSP Stapling by default when a vulnerable version of OpenSSL is being used. Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online