Firefox just made themselves the best browser for HTTPS revocation, with OCSP Must-staple and short-lived certs: https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/ …
@BRIAN_____ @sleevi_ @hanno @rlbarnes @konklone oh, servers support that?
@FiloSottile @sleevi_ @hanno @rlbarnes @konklone Yes. You give the server the path to OCSP response file & send a HUP when you update it.
@BRIAN_____ @FiloSottile @sleevi_ @hanno @rlbarnes @konklone I wouldn’t use that approach with, say, Apache. Restarts can get complicated.
@ivanristic @FiloSottile @sleevi_ @hanno @rlbarnes @konklone There are better ways, for sure. This is a very easy way. Good for prototyping.
@BRIAN_____ why not run nginx without ssl_stapling_verify? #YOLOcrypto
@selecadm People do it, and some guides even recommend it.