> On Dec 5, 2018, at 4:49 AM, Jan Just Keijser <janjust@xxxxxxxxx> wrote: > > The only reason to use OCSP I currently have is in Firefox: if you turn off > "Query OCSP responder servers" in Firefox then EV certificates will no longer > show up with their owner/domain name. IIRC Apple's Safari is ending support for EV, and some say that EV has failed, and are not sorry to see it go. > Now the question is: does Firefox get OCSP "right" ;) ? Very likely yes. The Firefox TLS stack is maintained by experts. [ Also, FWIW, Firefox uses the "nss" library, not OpenSSL. ] -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
