@SSLMate You do want to verify OCSP status and make sure you're not serving junk. Serving junk will break FF and (hopefully soon) Chrome
-
-
Replying to @sleevi_2 replies 0 retweets 0 likes
-
Replying to @__agwa
@__agwa Definitely file bugs!@BRIAN_____ rightfully pushed for "no junk, period", and I plan to do the same for Chrome (too liberal RN)1 reply 0 retweets 0 likes -
Replying to @sleevi_
@sleevi_@BRIAN_____ Turns out there's already a 20-month-old bug for nginx. I'll look into submitting a patch. http://trac.nginx.org/nginx/ticket/425 …1 reply 0 retweets 3 likes -
Replying to @__agwa
@sleevi_@BRIAN_____ Patch submitted! http://mailman.nginx.org/pipermail/nginx-devel/2015-June/006986.html … (btw, thanks for the kind shoutout earlier :-)2 replies 0 retweets 1 like -
Replying to @__agwa
@__agwa@BRIAN_____ Quick! And thanks! Seriously, you're doing great work that I wish more CAs would help {fund, contribute} themselves1 reply 0 retweets 1 like -
Replying to @sleevi_
@__agwa@BRIAN_____ There's so many ponies I would wish for with OCSP stapling (basically, what MSFT does with IIS)3 replies 0 retweets 0 likes -
Replying to @sleevi_
@__agwa@BRIAN_____ background fetching a new response before current has expired, RFC 5019 handling, supporting reverse OCSP proxies for FE2 replies 0 retweets 0 likes
@sleevi_ @BRIAN_____ Yes - background fetching! Apache/nginx's use of the OpenSSL callback to initiate the fetch is so braindead.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.