Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/01/31 16:53:38 UTC

[Bug 57121] ocsp stapling should not pass temporary server outages to clients

https://bz.apache.org/bugzilla/show_bug.cgi?id=57121

--- Comment #4 from Damien B <br...@hotmail.com> ---
This bug is still unsolved after nearly 5 years...

We experienced today an outage due to Digicert OCSP server failure.
The only solution was to disable OCSP Stapling.

Luckily we were not using an SSL cert with the OCSP Must-Staple option!

This should be considered as a high priority bug.

OCSP servers are not reliable and they can be down for several hours (like
today) or even days (like in 2017 for Let's Encrypt).

Some people have even built an OCSP proxy to fix this behaviour and do the job
instead of Apache:
https://community.letsencrypt.org/t/robust-ocsp-stapling-with-apache-httpd/87896
