Bug 62400 - OCSP Stapling should not serve OCSP responses from the cache even after they expire
Summary: OCSP Stapling should not serve OCSP responses from the cache even after they ...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.5-HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-23 03:41 UTC by Taejoong Chung
Modified: 2018-05-23 03:41 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Taejoong Chung 2018-05-23 03:41:00 UTC
SSLStapling On;
SSLStaplingStandardCacheTimeout 3600 (after one hour a new ocsp request is being done by mod_ssl)

When the OCSP responses from the cache expire, it should go fetch a fresh OCSP response from the OCSP responder even though it still has some cycles to hit the SSLStaplingStandardCacheTimeout; but it keeps serving the expired response from the cache.