[ https://issues.apache.org/jira/browse/TS-3362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303589#comment-14303589 ]
Sudheer Vinukonda edited comment on TS-3362 at 2/3/15 5:05 PM:
---------------------------------------------------------------

Agree - If the concern is on serving a *stale* negative response, we could perhaps consider shorter refresh times (or even none?) for caching a negative response?

was (Author: sudheerv):
Agree - If the concern is on serving a *stale* negative response, we could perhaps consider shorter refresh times (or even none) for caching a negative response?

> Do not staple negative OCSP response
> ------------------------------------
>
>                 Key: TS-3362
>                 URL: https://issues.apache.org/jira/browse/TS-3362
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Feifei Cai
>         Attachments: TS-3362.diff
>
>
> When we get an OCSP response, we check it before caching/stapling it. If it's negative,
> I think we'd better discard it instead of sending it back to the user agent. This
> would not increase security risk: the user agent would query the CA for the OCSP response
> if ATS does not staple it with the certificate.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
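
The following sketch is an added example, not code from TS-3362.diff or from Traffic Server. It combines the two ideas in this thread as one possible policy: withhold any non-good OCSP response from the handshake, and retry the responder sooner after a negative result. The StapleEntry struct, the function names and both intervals are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Certificate status values an OCSP response can carry (RFC 6960 CertStatus).
enum class CertStatus { Good, Revoked, Unknown };

// Hypothetical cache entry for one certificate's most recent OCSP response.
struct StapleEntry {
    bool       verified;     // response signature and responder checks passed
    CertStatus status;       // status reported for our certificate
    int64_t    this_update;  // thisUpdate, seconds since epoch
    int64_t    next_update;  // nextUpdate, seconds since epoch
    int64_t    fetched_at;   // when the responder was queried
};

// Assumed refresh intervals; these are not Traffic Server defaults.
constexpr int64_t kGoodRefreshSecs     = 3600;
constexpr int64_t kNegativeRefreshSecs = 300;

// Staple only a verified, currently valid "good" response. Anything else is
// withheld, which leaves the revocation check to the user agent.
bool should_staple(const StapleEntry &e, int64_t now) {
    if (!e.verified || e.status != CertStatus::Good) return false;
    return e.this_update <= now && now < e.next_update;
}

// When to query the responder again. Negative or unverifiable results are
// retried sooner; a good response is never kept past its nextUpdate.
int64_t next_refresh_at(const StapleEntry &e) {
    if (!e.verified || e.status != CertStatus::Good)
        return e.fetched_at + kNegativeRefreshSecs;
    int64_t due = e.fetched_at + kGoodRefreshSecs;
    return due < e.next_update ? due : e.next_update;
}

int main() {
    // Constructed sample entries (timestamps are arbitrary small numbers).
    StapleEntry good{true, CertStatus::Good, 1000, 5000, 1000};
    StapleEntry revoked{true, CertStatus::Revoked, 1000, 5000, 1000};
    std::printf("good:    staple=%d refresh_at=%lld\n",
                should_staple(good, 2000), (long long)next_refresh_at(good));
    std::printf("revoked: staple=%d refresh_at=%lld\n",
                should_staple(revoked, 2000), (long long)next_refresh_at(revoked));
    return 0;
}
```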