heimdall icon indicating copy to clipboard operation
heimdall copied to clipboard
verified publisher icon dadrus

OCSP Stapling support

Open dadrus opened this issue 2 years ago • 0 comments

Preflight checklist

  • [X] I agree to follow this project's Code of Conduct.
  • [X] I have read and am following this repository's Contribution Guidelines."
  • [ ] I have discussed this feature request with the community.

Describe the background of your feature request

The Transport Layer Security (TLS) Extension RFC6066 framework defines, among other extensions, the Certificate Status extension (also referred to as "OCSP stapling") that clients can use to request the server's copy of the current status of its certificate. The benefits of this extension include a reduced number of roundtrips and network delays for the client to verify the status of the server's certificate and a reduced load on the certificate issuer's status response servers, thus solving a problem that can become significant when the issued certificate is presented by a frequently visited server.

This extension is not yet supported by heimdall

Describe your idea

Implement support for OCSP stapling

Are there any workarounds or alternatives?

No

Version

v0.11.1-alpha

Additional Context

No response

dadrus avatar Sep 22 '23 18:09 dadrus