Welcome! Log In Create A New Profile

Advanced

Re: OCSP stapling broken with 1.15.4

Previous Message Next Message
Forum List Message List New Topic Print View
Bernardo Donadio
October 01, 2018 09:44AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/1/18 10:04 AM, A. Schulze wrote:
> Did you try to measure twice?

Indeed, with further tests I think that the stapling is working...
sometimes.

I've restored the 1.15.4 package and have been making some requests.
Some of them are correctly stapled, others do not. There's no restart
between tests.

I'm not using the staple file, though. Is this behavior expected
without such configuration? Also, I've enabled ssl_early_data.

[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect
bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct 1 10:24:07 -03 2018
OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect
bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct 1 10:27:02 -03 2018
OCSP response: no response sent
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect
bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct 1 10:39:18 -03 2018
OCSP response: no response sent
^C
[bcdonadio@RJ_DVP0100 ~]$ date; openssl s_client -connect
bcdonadio.com:443 -tlsextdebug -status 2>/dev/null | grep -i ocsp
Mon Oct 1 10:39:27 -03 2018
OCSP response:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
^C

- --
Bernardo Donadio
IT Automation Engineer at Stone Payments
https://bcdonadio.com/
-----BEGIN PGP SIGNATURE-----

iQEyBAEBCAAdFiEE8FSjwkTqZIehCHZPeerwWqhCJOUFAluyJGgACgkQeerwWqhC
JOWYMwf3fY7w+Dg3vYolWg5C0ySB71TwzUIYSJgWB5ZUXy6gRqLg5TUmkQuP04Gb
EcxOR3BVmOaXox3vYkedXwzC3KK7DGYbuqL4QciVPAh/lzYSvLhWn8ufdKVHXFaa
xuNA9tNd6UAFcty4SGdOraVrJ3JAtm9R8LvFA/baX5D7PItwupDWA/FsvqjILNiB
pLZTS05m8b2RWthNWIXEik8L/arbbp8dFzYskJDez8cZCn3Uew8GnHsaU7/h10bT
arUh3AvUbvapZsE6tfz74ko6tk9LHQyk/dHLJo9xR/f3EK55WQgWrwSuBFlAF7Fe
3uEQoFBwxc0gFo3GyBa3mHCjrs1t
=JlI3
-----END PGP SIGNATURE-----
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

OCSP stapling broken with 1.15.4

Bernardo Donadio October 01, 2018 08:36AM

Re: OCSP stapling broken with 1.15.4

A. Schulze October 01, 2018 09:06AM

Re: OCSP stapling broken with 1.15.4

Bernardo Donadio October 01, 2018 09:44AM

RE: OCSP stapling broken with 1.15.4

Reinis Rozitis October 01, 2018 10:48AM

Re: OCSP stapling broken with 1.15.4

A. Schulze October 01, 2018 10:50AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 164
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready