Twitter | Pretraživanje | |
SSLMate
New blog post: How to Configure OCSP Stapling in Apache and nginx
10:04 - 4. lip 2015.
Reply Retweet Označi sa "sviđa mi se" More
Andrew Ayer 4. lip 2015.
Odgovor korisniku/ci @sleevi_
1) Apache never validates and 2) I saw conditions in nginx source under which junk could be returned even if validation turned on.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Andrew Ayer 4. lip 2015.
Odgovor korisniku/ci @sleevi_
I'm planning to write blog post about this, and file bugs, but thought this wouldn't be an issue unless/until Must-Staple happened.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Andrew Ayer 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @BRIAN_____
Turns out there's already a 20-month-old bug for nginx. I'll look into submitting a patch.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Andrew Ayer 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @BRIAN_____
Patch submitted! (btw, thanks for the kind shoutout earlier :-)
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Jacob H-A 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @ECCTLS
Yep, this is a problem with the current design. Considering to block issuance on OCSP readiness- what do you think?
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Ivan Ristic 5. lip 2015.
Odgovor korisniku/ci @j4cob @sleevi_ @ECCTLS
Please do. Users shouldn’t get certificates if the entire infrastructure is not ready to handle them.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Andrew Ayer 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @SSLMate
Thanks. I did not realize browsers would hard-fail stapled OCSP responses. This is concerning to me because...
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Quien es mas Groucho 4. lip 2015.
Odgovor korisniku/ci @SSLMate @sleevi_
awesome write up! Might want to advise that web server response cache age should be less than max age in the ocsp response
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Ryan Hurst 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @__agwa @BRIAN_____
I have a list!
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"
Ryan Hurst 4. lip 2015.
Odgovor korisniku/ci @sleevi_ @__agwa @BRIAN_____
yes. There are many ponies I want for these web servers.
Prikaz razgovora · Reply Retweet Označi sa "sviđa mi se"