For some unknown reason I was expecting that "SSLStaplingStandardCacheTimeout" was the OCSP polling time to the CA and "SSLStaplingResponseMaxAge" was an absolute timeout if the CA is not answering. But as far as I can tell, "SSLStaplingStandardCacheTimeout" is doing absolutely nothing in my server.

Maybe "SSLStaplingResponseMaxAge" is evaluated when Apache is getting an OCSP answer and "SSLStaplingStandardCacheTimeout" is the actual cache timeout, and what I am seeing is that the OCSP Stapling that I am serving is not refreshed because it was inserted in the cache less than an hour ago, even if the timestamp is from more than an hour ago (if the CA has its own caching, for instance)?

Clarifications?

<https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslstaplingresponsemaxage>
<https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslstaplingstandardcachetimeout>

--
Jesús Cea Avión
jcea@xxxxxxx - http://www.jcea.es/
Twitter: @jcea
jabber / xmpp:jcea@xxxxxxxxxx
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz
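To measure what the message describes, the age of the response actually being stapled as opposed to when the server cached it, the following added example (not part of the original post) parses the OCSP section printed by `openssl s_client -status` and reports how old the `This Update` timestamp is. The sample output and its dates are constructed, and `max_age` is a caller-chosen threshold for comparison, not a reading of Apache's internal logic.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of the OCSP section printed by
# `openssl s_client -connect host:443 -status`; the dates are invented.
SAMPLE = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Produced At: May  5 08:10:00 2016 GMT
    Responses:
    Cert Status: good
    This Update: May  5 08:00:00 2016 GMT
    Next Update: May 12 08:00:00 2016 GMT
"""

FIELD = re.compile(r"^\s*(Produced At|This Update|Next Update):\s*(.+?)\s*$", re.M)

def parse_times(text):
    """Return {field name: aware UTC datetime} for the OCSP time fields."""
    out = {}
    for name, value in FIELD.findall(text):
        # OpenSSL pads single-digit days with an extra space; normalise it.
        value = " ".join(value.split())
        out[name] = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    return out

def staple_report(text, now, max_age=None):
    """Summarise freshness of a stapled response at time `now`.

    max_age (seconds) is a threshold chosen by the caller (assumption),
    e.g. the value configured for SSLStaplingResponseMaxAge.
    """
    t = parse_times(text)
    if "This Update" not in t:
        return {"stapled": False}  # e.g. "OCSP response: no response sent"
    age = now - t["This Update"]
    report = {"stapled": True, "age_seconds": int(age.total_seconds()),
              "expired": "Next Update" in t and now >= t["Next Update"]}
    if max_age is not None:
        report["older_than_max_age"] = age > timedelta(seconds=max_age)
    return report

if __name__ == "__main__":
    now = datetime(2016, 5, 5, 10, 30, tzinfo=timezone.utc)
    print(staple_report(SAMPLE, now, max_age=3600))
```

Running this against the live server at intervals shows whether `This Update` advances when the cache entry should have been replaced.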