Bug 64970

Summary: drop unmaintained ocsp support from mod_ssl
Product: Apache httpd-2 Reporter: Björn Jacke <bjoern>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: normal CC: stefan
Priority: P2    
Version: 2.4.25   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Björn Jacke 2020-12-09 07:59:19 UTC 
many people, including me have been reporting ocsp isues with Apache in the last couple of years since ocsp support was added to mod_ssl. There is zero response on reported bugs, not even for the easiest fixable bug, not even for bugs on better documentation. Apache's mod_ssl has really the worst ocsp stapling implemenation ever and most peoply who just want to enable it will make their setup fragile. Fragile setups due to bad and unmaintained ocsp support in Apache is finally putting a bad reputation on ocsp technoloygy in general. It also puts bad reputation on Apache in general by the way. Please be so kind and drop all of the ocsp support from Apache's mod_ssl, because no ocsp support is better than  a bad and unmaintained ocsp support.