-
When only `-port` is used, the OCSP responder listens on `0.0.0.0`, which is limited to IPv4 and unusable in IPv6-only environments. The dual-stack wildcard address `::` would be a much better option.…
-
Even it complicates things, use an intermediate server cert and let CA cert only have `KeyUsageCertSign` (`KeyUsageDigitalSignature` might also be required). Leave key encipherment, client/server vali…
-
Hi,
Could you support OCSP?
It would be really cool to know after a TLS scan if OCSP is correctly enabled.
@angristan will be very happy too.
Thanks,
HLFH
-
When testing a workaround for issue #1058, I observed that freenginx OCSP stapling tests still fail even with the workaround in place (again, testing with LibreSSL 3.9.2). Digging further suggests tha…
-
Firefox skips OCSP checks for certificates with a lifetime of under 10 days. At this point, OCSP stapling becomes redundant: since the whole certificate will renew within days, an additional parameter…
-
(This is used to request new product features, please visit for questions on using Istio)
**Describe the feature request**
For Istio Gateway's with `MUTUAL` or `OPTIONAL_MUTUAL` TLS modes, there …
-
## Information
https://whatismybrowser.com/w/QCB7F49
## Help request
### Problem
OCSP is not enabled after using the generated configuration. Multiple tools (digicert helpers, ssllabs,…
-
To replace some additional existing infrastructure with Boulder Observer, we'd want to add three more things to probe:
1. The validity and remaining lifetime of the CRL at a given URL
2. The remai…
-
hi ,i want to use ocsp to check the certificate , when the stream mode can support?
-
**Is your feature request related to a problem? Please describe.**
Similar to #258 could we also have a feature that the OCSP check loops over all "CA Issuers" found in the certificate? Currently i…