You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Feifei Cai (JIRA)" <ji...@apache.org> on 2015/03/09 03:30:39 UTC

[jira] [Closed] (TS-3362) Do not staple negative OCSP response

     [ https://issues.apache.org/jira/browse/TS-3362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Feifei Cai closed TS-3362.
--------------------------
       Resolution: Won't Fix
    Fix Version/s:     (was: sometime)

> Do not staple negative OCSP response
> ------------------------------------
>
>                 Key: TS-3362
>                 URL: https://issues.apache.org/jira/browse/TS-3362
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: Feifei Cai
>              Labels: review
>         Attachments: TS-3362.diff
>
>
> When get OCSP response, we check it before cache/staple it. If it's negative, I think we'd better discard it instead of sending back to user agent. This would not increase security risk: User agent would query CA for OCSP response if ATS does not staple it with certificate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)