httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Tue, 08 Nov 2011 19:12:44 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #16 from Kai Engert <kaie@kuix.de> 2011-11-08 19:12:44 UTC ---
While I said, my tests worked fine, let me provide some more details.

I'm using this configuration:
  SSLStaplingCache "shmcb:/home/bpache/local/logs/stapling_scache(512000)"
but I don't see any corresponding file created.

Is this expected?
Do I need to manually initialize it?


Sometimes an OCSP server will reply with "try later", and Apache will send this
status to clients. Maybe that's not helpful, and Apache should rather skip
sending OCSP information.

I think Apache should cache the most recent successful OCSP information it has
retrieved, and save it across server restarts.
I saw that Apache stapled a good response, and after restarting the server, it
stapled a "try later" response.
This might mean that caching is not yet working, or that my configuration is
incorrect.


Question: How often will Apache refresh the OCSP information?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message