Re: Correctly configuring OCSP Stapling cache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,



I.e., the following: Only ever do valid tickets end up in the cache.
After a period that is *shorter* than the ticket lifetime (one day in my
example), Apache tries to refresh the ticket. If a valid ticket is
returned by the responder, that ticket replaces the currently cached one
and is returned. If an invalid ticket ("try again" or timeout) is
returned by the responder, the valid cached ticket is returned.
Did you read https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html ? Judging by https://bz.apache.org/bugzilla/show_bug.cgi?id=57121 it is still unfixed, I wonder why too. 

--

With Best Regards,
Marat Khalili


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux