-
Enable OCSP stapling as it increases performance and privacy.
Is also recommended by https://mozilla.github.io/server-side-tls/ssl-config-generator/
Feel free to share any thoughts on this.
-
When we issue a certificate, we call [`issuance.Issuer{}.Issue()`](https://github.com/letsencrypt/boulder/blob/0340b574d903ce23a681feade84b389ab9bd6ae1/issuance/issuance.go#L605). This method double-c…
-
Not necessarily core functionality (the service itself can be fully functional without it), but being able to check certificate status separately may be good; that said, the same (and determining the …
-
And add the following directive to Certbot:
`--must-staple`
-
Add support for OCSP stapling, also known as status_request from [RFC 6066](http://tools.ietf.org/html/rfc6066) and the newer multiple certificate status request from [RFC 6961](http://tools.ietf.org/…
-
Performance and more
https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
helgi updated
6 years ago
-
We have a well known flow for validation of TLS peer certificate during TLS handshake. When other checks are done peer certificate is ok - the code in crypto/x509/x509_vfy.c::check_cert() checks the r…
-
Created by Alya Gomaa via monday.com integration. 🎉
-
In [this bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1588001), Apple shared a [very thorough list of lints they apply to OCSP responses](https://bug1588001.bmoattachments.org/attachment.cgi?id=9…
-
When receiving an OCSP response, AMP Packager should validate that its ProducedAt is within the NotBefore/NotAfter of the cert. I think the place to do that is [here](https://github.com/ampproject/am…