On Sat, Oct 21, 2023 at 09:23:51AM +0300, Mark wrote: > So, no idea on this?
No. OCSP does work for me on 7.4 when enabled, both with httpd and nginx. With nginx, you need to have accessed the page at least once so it fetches and caches the staple and that may depend on the per worker process. I see no fundamental issues in my testing and this was confirmed independently by others who have various setups with various CAs. For example doing $ nc -cvz www.openbsd.org 443 will show good OCSP stapling. Similar with $ openssl s_client -status -connect www.openbsd.org:443 on several OS with various openssl variants. So there are no SSL issues per se. > There are people having similar SSL issues (have been reading about them in > IRC channels) I take your word for it. No actionable bug report reached the relevant mailing lists. A minimal, known working configuration with 7.3 that stops working with 7.4 will probably help.
