![]() ![]() ![]() (For a more complete history of this issue, please read SSL.com’s article, Page Load Optimization: OCSP Stapling).įor these reasons, web browsers have implemented a range of solutions to reduce or eliminate the need for online revocation checking. Because online OCSP queries fail so often and are impossible in some situations (such as with captive portals), browsers generally implement OCSP checking in “soft-fail” mode, rendering it ineffective at deterring a determined attacker. ![]() Unless a server is configured to use OCSP Stapling, online revocation checking by web browsers is both slow and privacy-compromising. Checking the revocation status of SSL/TLS certificates presented by HTTPS websites is an ongoing problem in web security. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |