OCSP Stapling

[Nothing4You]

Please implement OCSP Stapling. This is especially useful to 1. reduce load of OCSP servers and 2. prevent privacy leaks of who is connecting to your host towards the OCSP server.

[biergaizi]

+1.

[robert-scheck]

Any chance?

[brunoos]

I don't know how hard is to implement this. I'm focused on university stuffs, I need to find free time for it.

[mimi89999]

Hello, Are there any news on this?

[brunoos]

Sorry, I confess I did not look anything about it. I will try to find time to see it.

[Zash]

I started some exploratory coding in https://github.com/Zash/luasec/tree/ocsp that I believe manages a partial client-side OCSP check. No idea how to do the server-side parts yet, or how to check the cert for the must-staple flag.