Standard for checking the revocation status of X.509
The Online Certificate Status Protocol (OCSP) stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the revocation status of X.509 digital certificates.[1] It allows the presenter of a certificate to bear the resource cost involved in providing Online Certificate Status Protocol (OCSP) responses by appending ("stapling") a time-stamped OCSP response signed by the CA to the initial TLS handshake, eliminating the need for clients to contact the CA, with the aim of improving both security and performance.
^Eastlake, D. (January 2011). "Transport Layer Security (TLS) Extensions: Extension Definitions: Certificate Status Request". Internet Engineering Task Force (IETF). Retrieved March 2, 2015.
The Online Certificate Status Protocol (OCSP) stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the...
order to use OCSP contributes to the de-perimeterisation trend. The OCSPstapling protocol is an alternative that allows servers to cache OCSP responses...
an important problem with "no complete and efficient solution". OCSP and OCSPstapling are recommended as the "foundation for a possible solution". Certificate...
It was also possible that some applications expose the contents of parsed OCSP extensions, leading to an attacker being able to read the contents of memory...
caching Load balancing with in-band health checks TLS/SSL with SNI and OCSPstapling support, via OpenSSL FastCGI, SCGI, uWSGI support with caching gRPC...
enable (D)TLS protocol versions, extensions, or capabilities (e.g. OCSPstapling, ALPN, DANE, CT validation, etc.) unsupported by client or server applications...
the importance of certificate revocation checking and the benefits of OCSPstapling. The protocol is intended to ensure that web users are aware when they...
released 2018-10-02. This version added flags for control of HTTP/2 and OCSPStapling per site, a compression API and implementing module supporting both...
uWSGI support with caching Dynamic configuration TLS/SSL with SNI and OCSPstapling support, via OpenSSL or wolfSSL. Name- and IP address-based virtual...
resumption of downloads rich HTTPS support (server and client-side SNI, OCSPStapling) built-in HTTP/HTTPS client support, with log-files built-in statistics...
Extensions: Extension Definitions", includes Server Name Indication and OCSPstapling. RFC 6091: "Using OpenPGP Keys for Transport Layer Security (TLS) Authentication"...
since then. This type of attack can be circumvented by websites implementing Certificate Transparency and OCSPstapling or by using browser extensions....
John; Sullivan, Nick; Wilson, Christo (2018). "Is the Web Ready for OCSP Must-Staple?" (PDF). Proceedings of the Internet Measurement Conference 2018. pp...
John; Sullivan, Nick; Wilson, Christo (2018). "Is the Web Ready for OCSP Must-Staple?" (PDF). Proceedings of the Internet Measurement Conference 2018. pp...
John; Sullivan, Nick; Wilson, Christo (2018). "Is the Web Ready for OCSP Must-Staple?" (PDF). Proceedings of the Internet Measurement Conference 2018. pp...