Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-04 Thread Tim Bannister
On 4 Oct 2015, at 11:38, Kaspar Brand wrote: > > As far as the mod_ssl side is related, it seems to me that for the > "SSLStaplingReturnResponderErrors off" case, we should make sure that we only > staple responses with status "good" (i.e. OCSP_RESPONSE_STATUS_SUCCESSFUL and >

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-04 Thread Kaspar Brand
On 03.10.2015 12:07, Reindl Harald wrote: > On 03.10.2015 at 11:16, Kaspar Brand wrote: >> What do you have security.OCSP.require set to? If it's "true" (a setting >> no longer configurable through the UI, BTW, see >> https://bugzilla.mozilla.org/show_bug.cgi?id=1034360), then Firefox >> shows a

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-03 Thread Kaspar Brand
On 01.10.2015 16:32, Reindl Harald wrote: > On 01.10.2015 at 16:29, Plüm, Rüdiger, Vodafone Group wrote: >> The question is: What happens on Firefox side. Of course it still tries to >> get to the OCSP server, but it should not cause an error on Firefox side if >> this does not work. > > no,

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-03 Thread Reindl Harald
On 03.10.2015 at 11:16, Kaspar Brand wrote: On 01.10.2015 16:32, Reindl Harald wrote: On 01.10.2015 at 16:29, Plüm, Rüdiger, Vodafone Group wrote: The question is: What happens on Firefox side. Of course it still tries to get to the OCSP server, but it should not cause an error on Firefox

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
On 01.10.2015 at 15:08, Reindl Harald wrote: On 01.10.2015 at 14:53, Plüm, Rüdiger, Vodafone Group wrote: not really, i had the error message just now again in FF, the difference was that now a "try again" loaded the page but with "SSLStaplingReturnResponderErrors" i would expect it

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
On 01.10.2015 at 14:53, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: Reindl Harald [mailto:h.rei...@thelounge.net] The default for SSLStaplingReturnResponderErrors is relatively odd. Not sure why it has always defaulted to "on" (r829619), but setting it to off

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
On 30.09.2015 at 08:42, Kaspar Brand wrote: On 29.09.2015 18:24, Reindl Harald wrote: i just restarted the servers and disabled stapling since all our services were unreachable (before i write the second mail 5 different hosts with several sites were affected) in fact the error caching

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-10-01 Thread Reindl Harald
On 01.10.2015 at 16:29, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: Reindl Harald [mailto:h.rei...@thelounge.net] Sent: Thursday, 1 October 2015 15:18 To: dev@httpd.apache.org Subject: Re: SSLUseStapling: ssl handshake fails until httpd restart On

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-09-30 Thread Kaspar Brand
On 29.09.2015 18:24, Reindl Harald wrote: > i just restarted the servers and disabled stapling since all our > services were unreachable (before i write the second mail 5 different > hosts with several sites were affected) > > in fact the error caching does more harm than benefits - IMHO a

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-09-29 Thread Jeff Trawick
On 09/29/2015 04:20 AM, Reindl Harald wrote: is that by intention? The default timeout before retrying an error seems to be 10 minutes (see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstaplingerrorcachetimeout), which is pretty excessive. As far as you recall about the time period

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-09-29 Thread Reindl Harald
Am 29.09.2015 um 10:20 schrieb Reindl Harald: is that by intention? firefox refused to open our adminpanel with the error below until i restarted httpd - i suggest the server should retry SSLUseStapling when a new client connects and it has failed for whatever reason SSLUseStapling On An

Re: SSLUseStapling: ssl handshake fails until httpd restart

2015-09-29 Thread Reindl Harald
On 29.09.2015 at 17:31, Jeff Trawick wrote: On 09/29/2015 04:20 AM, Reindl Harald wrote: is that by intention? The default timeout before retrying an error seems to be 10 minutes (see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslstaplingerrorcachetimeout), which is pretty