trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <>
Subject Re: What dangers (if any) to enabling OCSP Stapling?
Date Mon, 23 Jan 2017 18:12:08 GMT

Am 23.01.2017 um 18:40 schrieb Jered Floyd:
> OCSP Stapling is off by default in ATS.
> What risks, if any, are there to enabling it? Given that my issuer
> supports OCSP and many browsers support OCSP and OCSP Stapling, it seems
> like enabling it is the "safest" option.  Is there a reason it is not on
> by default?

not sure how ATS is handling this, with httpd i had a lot of fun in 
timeframes where the godaddy responsers where unstable up to not be able 
to connect to internal admin backends until set the following values in 
the global configuration

SSLStaplingReturnResponderErrors Off
SSLStaplingFakeTryLater Off

View raw message