OCSP Stapling #1364
Comments
We have this in ebe (commercial version of ejabberd), I'm not sure if the feature is supposed to be ported to the open source version. BTW, in the meantime Google is getting rid of OCSP support in Chrome :)
OCSP is different to OCSP Stapling. AFAIK "OCSP Stapling" is still used by Chrome if supplied. In any case this is really a basic feature of TLS, so I'd highly suggest to make this available in the open source version. All bigger web servers (see here) have it and for an XMPP server it would also be very useful.
OK, my bad, commercial version has pure "OCSP" support, i.e. it has PKIX client authentication support with OCSP/CRL validation.
It is also a much better solution concerning privacy (as the CA does not have to be contacted) and it is faster too.
I'm interested in working on this. My guess is that the change to fix this should be introduced in fast_tls, right? |
I don't know. Maybe in
It would be nice if ejabberd would support OCSP Stapling. Nowadays there is even a way to force this stapling via special certificates, but for this to work you should support OCSP Stapling.
OCSP Stapling is very much recommended and is going to be the default in the web today.