Feature #2469

OCSP Stapling

Added by holler about 4 years ago. Updated 3 months ago.

Status: Reopened
Priority: Low
Assignee: -
Category: TLS
Target version:
Start date: 2013-02-04
Due date:
% Done: 0%
Missing in 1.5.x: No

Description

OCSP stapling was defined in 2006 and allows a web server to retrieve a signed time-stamped message containing the status of its own certificate that is passed to its client. This saves the client the need to make a connection back to the issuing CA to check the status of the certificate. This has both performance and privacy benefits for the client.

This is supported by the following web-servers:

- Apache 2.3 and later
- NginX 1.3.7 and later
- IIS 7.0 and later

Nothing in my favorite Lighttpd yet? :(


Related issues

Related to Feature #2278: OCSP support in lighttpd New 2010-12-10

History

#1 Updated by stbuehler almost 4 years ago

  • Target version set to 1.4.x

Notes:

  • No API documentation found: SSL_set_tlsext_status_ocsp_resp == SSL_ctrl(SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP) ?
  • afaics this has to be set in a blocking callback, cache response
    • for files: refresh if needed and file got changed
    • probably won't support retrieving ocsp response over network

#2 Updated by gstrauss 11 months ago

  • Category set to TLS

#3 Updated by carpii 6 months ago

Just adding that I would love to see this in lighty 1.4.x also

[Edit, although 1.4 sounds unlikely. This ticket is a dupe of #2278]

#4 Updated by gstrauss 6 months ago

#5 Updated by gstrauss 6 months ago

  • Status changed from New to Duplicate

Never say never. :) Adding this to lighttpd 1.4.x is on the table, but not being worked on at the moment.

#6 Updated by gstrauss 3 months ago

#7 Updated by gstrauss 3 months ago

#8 Updated by gstrauss 3 months ago

  • Status changed from Duplicate to Reopened

#2278 requests support for receiving OCSP from client.

This ticket requests that lighttpd send OCSP stapling info.
