Re: FW: SSL OCSP Stapling

2014-02-28 Thread Julien Vehent
Firefox will most likely move to OCSP stapling only in the next 3 to 6 months. Classic OCSP is too slow, and too error-prone. We've been working with Riverbed to deploy OCSP Stapling on the Stingray (formerly Zeus) load balancer. They have a solid implementation that can be used as a reference.

Re: FW: SSL OCSP Stapling

2012-11-07 Thread Alexandre Biancalana
On Tue, Nov 6, 2012 at 8:08 PM, Willy Tarreau w...@1wt.eu wrote: I believe the official word at one point was that OCSP stapling of chains should be accomplished by including the entire chain in the OCSP request, delivering that compound OCSP response via the TLS Certificate Status Request

Re: FW: SSL OCSP Stapling

2012-11-07 Thread Karel Sedláček
On Tue, Nov 6, 2012 at 11:08 PM, Willy Tarreau w...@1wt.eu wrote: I would say the periodic-request aspect of it is pretty trivial; you add a timer to the event loop that expires in some configurable amount of time, e.g. a bit before the last OCSP response expires, and you cache the result