httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Tue, 08 Nov 2011 19:12:44 GMT

--- Comment #16 from Kai Engert <> 2011-11-08 19:12:44 UTC ---
While I said, my tests worked fine, let me provide some more details.

I'm using this configuration:
  SSLStaplingCache "shmcb:/home/bpache/local/logs/stapling_scache(512000)"
but I don't see any corresponding file created.

Is this expected?
Do I need to manually initialize it?

Sometimes an OCSP server will reply with "try later", and Apache will send this
status to clients. Maybe that's not helpful, and Apache should rather skip
sending OCSP information.

I think Apache should cache the most recent successful OCSP information it has
retrieved, and save it across server restarts.
I saw that Apache stapled a good response, and after restarting the server, it
stapled a "try later" response.
This might mean that caching is not yet working, or that my configuration is

Question: How often will Apache refresh the OCSP information?

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message