[ https://issues.apache.org/jira/browse/TS-2367?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050650#comment-14050650 ]

Ben Wilson commented on TS-2367:
--------------------------------

It seems to me that OCSP stapling should be enabled by default rather than disabled by default. Current statistics from Netcraft show that 98% of Apache boxes do not use stapling, whereas 98% of Microsoft boxes use stapling. The differentiator is whether stapling is on or off by default--IIS uses OCSP stapling by default.

From a policy perspective, OCSP Stapling is superior for privacy-enhancing and performance reasons because clients do not have to seek a response from a third party - it comes directly from the server, which is why it is also a more efficient mechanism.

Also, all major browser platforms support stapling, it is provided in mod_ssl, and because of these reasons, the number of demands for OCSP stapling "out-of-the-box" is likely to grow substantially over the next several months.

> Add OCSP (Online Certificate Status Protocol) Stapling Support
> ---------------------------------------------------------------
>
>                 Key: TS-2367
>                 URL: https://issues.apache.org/jira/browse/TS-2367
>             Project: Traffic Server
>          Issue Type: New Feature
>          Components: HTTP, SSL
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>              Labels: review
>             Fix For: 5.1.0
>
>         Attachments: TS-2367.diff, TS-2367.diff
>
>
> RFC:
> http://tools.ietf.org/html/rfc6066
> Overview:
> https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
> http://en.wikipedia.org/wiki/OCSP_stapling
> There is support for this added into openssl 0.9.8g.

--
This message was sent by Atlassian JIRA
(v6.2#6252)