[
https://issues.apache.org/jira/browse/TS-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050650#comment-14050650
]
Ben Wilson commented on TS-2367:
--------------------------------
It seems to me that OCSP stapling should be enabled by default rather than
disabled by default. Current statistics from Netcraft show that 98% of Apache
boxes do not use stapling, whereas 98% of Microsoft boxes use stapling. The
differentiator is whether stapling is on or off by default--IIS uses OCSP
stapling by default. From a policy perspective, OCSP Stapling is superior for
privacy-enhancing and performance reasons because clients do not have to seek a
response from a third party - it comes directly from the server, which is why
it is also a more efficient mechanism. Also, all major browser platforms
support stapling, it is provided in mod_ssl, and because of these reasons, the
number of demands for OCSP stapling "out-of-the-box" is likely to grow
substantially over the next several months.
> Add OCSP (Online Certificate Status Protocol) Stapling Support
> ---------------------------------------------------------------
>
> Key: TS-2367
> URL: https://issues.apache.org/jira/browse/TS-2367
> Project: Traffic Server
> Issue Type: New Feature
> Components: HTTP, SSL
> Reporter: Bryan Call
> Assignee: Bryan Call
> Labels: review
> Fix For: 5.1.0
>
> Attachments: TS-2367.diff, TS-2367.diff
>
>
> RFC:
> http://tools.ietf.org/html/rfc6066
> Overview:
> https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
> http://en.wikipedia.org/wiki/OCSP_stapling
> There is support for this added into openssl 0.9.8g.