You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Jesus Cea <jc...@jcea.es> on 2014/05/28 20:13:35 UTC

[users@httpd] Interaction between "SSLStaplingResponseMaxAge" and "SSLStaplingStandardCacheTimeout"

For some unknown reason I was expecting that
"SSLStaplingStandardCacheTimeout" was the OCSP polling time to the CA
and "SSLStaplingResponseMaxAge" were an absolute timeout if the CA is
not answering.

But as far as I can tell, "SSLStaplingStandardCacheTimeout" is doing
absolutelly nothing in my server.

Maybe "SSLStaplingResponseMaxAge" is evaluated when Apache is getting an
OCSP answer and "SSLStaplingStandardCacheTimeout" is the actual cache
timeout and what I am seeing is that OCSP Stapling that I am serving is
not refreshed because it was inserted in the cache less than an hour
ago, even if the timestamp is from more than an hour ago? (if the CA has
its own caching, for instance).

Clarifications?

<https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslstaplingresponsemaxage>

<https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslstaplingstandardcachetimeout>

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea@jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea@jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz