OCSP stapling #831

krizhanovsky · 2017-08-31T20:29:16Z

Note that current mbedTLS still don't support OCSP Stapling (Mbed-TLS/mbedtls#880).

A lightweight C++ user-space daemon should periodically query a CA for OCSP staples and load them to Tempesta FW through netlink interface.

It seems also processing of status_request TLS extension in CLIENT HELLO message must be added to TLS handshake state machine.

The text was updated successfully, but these errors were encountered:

krizhanovsky added the enhancement label Aug 31, 2017

krizhanovsky added this to the 1.0 WebOS milestone Aug 31, 2017

krizhanovsky modified the milestones: backlog, 0.8 TDB v0.2 May 26, 2018

krizhanovsky changed the title ~~OCSP stapling~~ TLS: OCSP stapling May 27, 2018

krizhanovsky modified the milestones: 1.2 TDB v0.2, 1.1 QUIC Aug 8, 2018

krizhanovsky added the TLS Tempesta TLS module and related issues label Aug 13, 2020

krizhanovsky changed the title ~~TLS: OCSP stapling~~ OCSP stapling Aug 13, 2020

krizhanovsky mentioned this issue Aug 13, 2020

TLS: client certificates validation #830

Open

krizhanovsky modified the milestones: 1.1 TBD - ML, DoH and other features after 1.0, backlog Aug 13, 2020

krizhanovsky mentioned this issue Aug 13, 2020

Full TLS proxying #769

Open

krizhanovsky modified the milestones: backlog, 0.9 QUIC & Advanced DDoS mitigation May 5, 2021

krizhanovsky modified the milestones: 0.9 - TDB, 1.2 TBD Jan 3, 2022

krizhanovsky modified the milestones: 1.xx TBD, backlog Apr 19, 2023

Provide feedback