Dear HengSheng Wang,

thanks for your report. We have an alternate OCSP Stapling implementation in the "mod_md" module. You can read about it also here:
https://github.com/icing/mod_md/?tab=readme-ov-file#just-the-stapling-mam

This one prefetches and caches OCSP responses in the file system to improve reliability. It should also check response matches more strictly.

Due to backward compatibility reasons, we can only recommend to users that they enable stapling, not enforce it. But all of this will be moot soon with CAs moving away from OCSP. For example, Let's Encrypt will stop adding OCSP to issued certificates sometime this year. I'd expect other CAs to follow as it is a cost and reliability burden on them.

Kind Regards,
Stefan

> On 24.06.2025 at 15:26, Brian Proffitt <b...@apache.org> wrote:
>
> Forwarded from apa...@apache.org. If you choose to respond, please respond to the original sender.
>
> BKP
>
> ---------- Forwarded message ---------
> From: <wh...@mail.ustc.edu.cn>
> Date: Tue, Jun 24, 2025 at 8:05 AM
> Subject: OCSP Stapling Issues Observed in Apache (2.4.58)
> To: apa...@apache.org <apa...@apache.org>
>
> Dear Apache HTTP Server Team,
>
> I am a graduate student at the School of Cyber Science and Technology, University of Science and Technology of China. During our experimental analysis of TLS implementations, we observed several potential issues related to the OCSP Stapling mechanism in Apache. I would like to share the findings with you in the hope that they may help improve the robustness and security of the server.
>
> Findings:
>
> No Prefetching of OCSP Responses:
> Apache does not prefetch OCSP responses ahead of time. Instead, it initiates OCSP requests only when a client attempts to establish a connection. This behavior can introduce noticeable delays during the TLS handshake, particularly when the OCSP responder is slow or unreachable.
>
> Stale OCSP Responses Not Immediately Cleared:
> Once an OCSP response expires, Apache does not immediately remove it from the cache. The server may continue to serve the expired response for some time, potentially impacting clients that strictly validate OCSP timestamps.
>
> Invalid Serial Numbers in OCSP Responses Accepted:
> Apache appears to accept and serve OCSP responses that contain certificate serial numbers which do not match the corresponding server certificate.
>
> Additionally, we recommend that web servers enable OCSP stapling by default to increase its adoption. This is crucial for privacy protection and performance improvement, as most web administrators do not pay attention to this option. Alternatively, if a certificate includes the OCSP Must-Staple extension, OCSP stapling should be explicitly enforced; otherwise, browsers like Firefox may reject the connection.
>
> Best regards,
> University of Science and Technology of China
>
> HengSheng Wang
>
>
> Brian Proffitt
> VP, Marketing & Publicity
> VP, Conferences
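The three cache checks the report above describes (refresh ahead of expiry, never serve a stale entry, never serve a response for a different serial) plus the Must-Staple case, as an added example in Python that is not Apache or mod_md code; the OcspResponse model, its field names and the sample timestamps are constructed, and a real deployment would fill the fields from a parsed DER response.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class OcspResponse:
    """Fields a stapling cache needs from a parsed SingleResponse (constructed model)."""
    serial: int            # certificate serial the responder signed for
    this_update: datetime  # start of the validity window
    next_update: datetime  # after this point the response is stale
    cert_status: str       # "good", "revoked" or "unknown"

def is_servable(resp, cert_serial, now):
    """Return (ok, reason): may this response be stapled for cert_serial right now?"""
    if resp.serial != cert_serial:
        return False, "serial mismatch"   # response belongs to another certificate
    if now < resp.this_update:
        return False, "not yet valid"
    if now >= resp.next_update:
        return False, "expired"           # stale entry must not be served
    return True, "ok"

def refresh_at(resp, fraction=0.5):
    """Prefetch point: refresh mid-window, well before nextUpdate, so a slow
    or unreachable responder never delays a TLS handshake."""
    return resp.this_update + (resp.next_update - resp.this_update) * fraction

def choose_staple(cache, cert_serial, must_staple, now):
    """Pick the freshest servable response; decide what to do when none exists."""
    good = [r for r in cache if is_servable(r, cert_serial, now)[0]]
    if good:
        return "staple", max(good, key=lambda r: r.this_update)
    # A Must-Staple certificate without a fresh response will be rejected by
    # strict clients; surface that as a hard failure instead of omitting it.
    return ("fail" if must_staple else "no_staple"), None

# Constructed sample data, not taken from any real server or responder.
NOW = datetime(2025, 6, 24, 12, 0, tzinfo=timezone.utc)
CERT_SERIAL = 0x1234
FRESH = OcspResponse(CERT_SERIAL, NOW - timedelta(hours=1), NOW + timedelta(days=6), "good")
STALE = OcspResponse(CERT_SERIAL, NOW - timedelta(days=8), NOW - timedelta(days=1), "good")
WRONG = OcspResponse(0x9999, NOW - timedelta(hours=1), NOW + timedelta(days=6), "good")

if __name__ == "__main__":
    for r in (FRESH, STALE, WRONG):
        print(hex(r.serial), is_servable(r, CERT_SERIAL, NOW))
    print("refresh at", refresh_at(FRESH).isoformat())
    print(choose_staple([STALE, WRONG], CERT_SERIAL, True, NOW))
```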