python / cpython


SSL needs client OCSP stapling #88946

Open c776c355-3f7d-4476-8bb3-3221fa9f7951 opened 3 years ago

c776c355-3f7d-4476-8bb3-3221fa9f7951 commented 3 years ago
BPO 44783
Nosy @tiran, @pprindeville

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


GitHub fields:

```python
assignee = 'https://github.com/tiran'
closed_at = None
created_at = <unknown>
labels = ['expert-SSL', 'type-feature']
title = 'SSL needs client OCSP stapling'
updated_at = <unknown>
user = 'https://github.com/pprindeville'
```

bugs.python.org fields:

```python
activity = <unknown>
actor = 'pprindeville'
assignee = 'christian.heimes'
closed = False
closed_date = None
closer = None
components = ['SSL']
creation = <unknown>
creator = 'pprindeville'
dependencies = []
files = []
hgrepos = []
issue_num = 44783
keywords = []
message_count = 1.0
messages = ['398592']
nosy_count = 2.0
nosy_names = ['christian.heimes', 'pprindeville']
pr_nums = []
priority = 'normal'
resolution = None
stage = None
status = 'open'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue44783'
versions = []
```

c776c355-3f7d-4476-8bb3-3221fa9f7951 commented 3 years ago

When TLS client certificates are used for authentication, servers need to ensure that the certificate is current and hasn't been revoked. In zero-trust and other architectures with heavy use of micro-services, server-side validation of the client certs repeatedly can be a significant burden.

Forcing the client to present a signed, stapled OCSP response to the handshake eliminates this repetitive extra step.
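To make concrete what a "signed, stapled OCSP response in the handshake" consists of on the wire, and what a server still has to check before it can skip its own revocation lookup, here is an added, self-contained example. It is not code from CPython or from the issue author; the Python `ssl` module has no client-side stapling API, which is the point of the request. The example encodes the TLS `status_request` extension (RFC 6066 section 8), frames a DER `OCSPResponse` as a TLS `CertificateStatus` handshake message, reads the outer `responseStatus` field (RFC 6960 section 4.2.1), and applies a freshness rule. `SAMPLE_TRY_LATER` is a constructed five-byte response; the helper names and the seven-day `max_age` are this example's own choices. No signature verification is performed.

```python
"""Wire-level pieces of a stapled OCSP exchange (constructed example)."""
import struct
from datetime import datetime, timedelta, timezone

# TLS constants: extension type from RFC 6066, handshake type from RFC 5246.
EXT_STATUS_REQUEST = 0x0005
STATUS_TYPE_OCSP = 1
HANDSHAKE_CERTIFICATE_STATUS = 22

# RFC 6960 OCSPResponseStatus values (4 is intentionally unassigned).
OCSP_RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                        3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def encode_status_request_extension() -> bytes:
    """Minimal status_request extension: OCSP, empty responder_id_list, no extensions."""
    body = struct.pack("!BHH", STATUS_TYPE_OCSP, 0, 0)
    return struct.pack("!HH", EXT_STATUS_REQUEST, len(body)) + body


def frame_certificate_status(ocsp_response_der: bytes) -> bytes:
    """Wrap a DER OCSPResponse in a CertificateStatus handshake message."""
    if not 1 <= len(ocsp_response_der) < (1 << 24):
        raise ValueError("ocsp_response length out of range")
    body = (bytes([STATUS_TYPE_OCSP]) + len(ocsp_response_der).to_bytes(3, "big")
            + ocsp_response_der)
    return bytes([HANDSHAKE_CERTIFICATE_STATUS]) + len(body).to_bytes(3, "big") + body


def parse_certificate_status(msg: bytes) -> bytes:
    """Check the framing strictly and return the embedded DER OCSPResponse."""
    if len(msg) < 8 or msg[0] != HANDSHAKE_CERTIFICATE_STATUS:
        raise ValueError("not a CertificateStatus message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len or body[0] != STATUS_TYPE_OCSP:
        raise ValueError("bad CertificateStatus body")
    resp_len = int.from_bytes(body[1:4], "big")
    resp = body[4:4 + resp_len]
    if len(resp) != resp_len or len(body) != 4 + resp_len:
        raise ValueError("bad ocsp_response length")
    return resp


def _der_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; returns (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def ocsp_response_status(der: bytes) -> str:
    """Read responseStatus from the outer OCSPResponse SEQUENCE."""
    tag, seq, _ = _der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("OCSPResponse must be a SEQUENCE")
    tag, status, _ = _der_tlv(seq, 0)
    if tag != 0x0A or len(status) != 1:
        raise ValueError("responseStatus must be a one-byte ENUMERATED")
    return OCSP_RESPONSE_STATUS.get(status[0], f"unknown({status[0]})")


def is_fresh(this_update, next_update, now=None, max_age=timedelta(days=7)) -> bool:
    """Freshness rule a server applies before trusting a stapled response.

    Accept only if thisUpdate is not in the future, nextUpdate (if present) has
    not passed, and the response is younger than max_age. A real server must
    also verify the responder signature and that certID matches the presented
    client certificate; that is outside this example.
    """
    now = now or datetime.now(timezone.utc)
    if this_update > now:
        return False
    if next_update is not None and now > next_update:
        return False
    return now - this_update <= max_age


def freshness_demo():
    """Evaluate is_fresh against a fixed clock: (fresh, future, expired, stale)."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    return (is_fresh(now - day, now + day, now),
            is_fresh(now + day, now + 2 * day, now),
            is_fresh(now - 2 * day, now - day, now),
            is_fresh(now - 10 * day, None, now))


# Constructed sample: OCSPResponse with responseStatus = tryLater(3) and no
# responseBytes (which is OPTIONAL). A server must treat this as "not proven
# valid", never as "not revoked".
SAMPLE_TRY_LATER = bytes.fromhex("30030a0103")

if __name__ == "__main__":
    print(encode_status_request_extension().hex())
    print(ocsp_response_status(parse_certificate_status(frame_certificate_status(SAMPLE_TRY_LATER))))
    print(freshness_demo())
```

The framing functions show why stapling removes the server's lookup only when the server still enforces the checks in `is_fresh` plus the signature and `certID` match: a stapled response is evidence the client supplies, and a stale or non-`successful` one must fall back to rejecting the connection or to the server's own query, not to silently accepting the certificate.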