> On Dec 5, 2018, at 4:49 AM, Jan Just Keijser <janj...@nikhef.nl> wrote:
>
> The only reason to use OCSP I currently have is in Firefox: if you turn off
> "Query OCSP responder servers" in Firefox then EV certificates will no longer
> show up with their owner/domain name.
IIRC Apple's Safari is ending support for EV, and some say that EV
has failed, and are not sorry to see it go.
> Now the question is: does Firefox get OCSP "right" ;) ?
Very likely yes. The Firefox TLS stack is maintained by experts.
[ Also, FWIW, Firefox uses the "nss" library, not OpenSSL. ]
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
