New blog post: How to Configure OCSP Stapling in Apache and nginx https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx …
-
-
@sleevi_ I'm planning to write blog post about this, and file bugs, but thought this wouldn't be an issue unless/until Must-Staple happened. -
@__agwa Definitely file bugs!@BRIAN_____ rightfully pushed for "no junk, period", and I plan to do the same for Chrome (too liberal RN) -
@sleevi_@BRIAN_____ Turns out there's already a 20-month-old bug for nginx. I'll look into submitting a patch. http://trac.nginx.org/nginx/ticket/425 … -
@sleevi_@BRIAN_____ Patch submitted! http://mailman.nginx.org/pipermail/nginx-devel/2015-June/006986.html … (btw, thanks for the kind shoutout earlier :-) -
@__agwa@BRIAN_____ Quick! And thanks! Seriously, you're doing great work that I wish more CAs would help {fund, contribute} themselves -
@__agwa@BRIAN_____ There's so many ponies I would wish for with OCSP stapling (basically, what MSFT does with IIS) -
@__agwa@BRIAN_____ background fetching a new response before current has expired, RFC 5019 handling, supporting reverse OCSP proxies for FE -
@sleevi_@BRIAN_____ Yes - background fetching! Apache/nginx's use of the OpenSSL callback to initiate the fetch is so braindead.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.