Am 23.01.2017 um 18:40 schrieb Jered Floyd:
OCSP Stapling is off by default in ATS. What risks, if any, are there to enabling it? Given that my issuer supports OCSP and many browsers support OCSP and OCSP Stapling, it seems like enabling it is the "safest" option. Is there a reason it is not on by default?
not sure how ATS is handling this, with httpd i had a lot of fun in timeframes where the godaddy responsers where unstable up to not be able to connect to internal admin backends until set the following values in the global configuration
SSLStaplingReturnResponderErrors Off SSLStaplingFakeTryLater Off
