We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCSP stapling (see also https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling) must be implemented. Refer to RFC 6066, section 8. Certificate Status Request and RFC 6990 for OCSP definition.
Note that current mbedTLS still don't support OCSP Stapling (Mbed-TLS/mbedtls#880).
A lightweight C++ user-space daemon should periodically query a CA for OCSP staples and load them to Tempesta FW through netlink interface.
It seems also processing of status_request TLS extension in CLIENT HELLO message must be added to TLS handshake state machine.
status_request
CLIENT HELLO
The text was updated successfully, but these errors were encountered:
No branches or pull requests
OCSP stapling (see also https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling) must be implemented. Refer to RFC 6066, section 8. Certificate Status Request and RFC 6990 for OCSP definition.
Note that current mbedTLS still don't support OCSP Stapling (Mbed-TLS/mbedtls#880).
A lightweight C++ user-space daemon should periodically query a CA for OCSP staples and load them to Tempesta FW through netlink interface.
It seems also processing of
status_request
TLS extension inCLIENT HELLO
message must be added to TLS handshake state machine.The text was updated successfully, but these errors were encountered: