Bug 64970 - drop unmaintained ocsp support from mod_ssl
Summary: drop unmaintained ocsp support from mod_ssl
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.4.25
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2020-12-09 07:59 UTC by Björn Jacke
Modified: 2020-12-09 07:59 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2020-12-09 07:59:19 UTC
many people, including me have been reporting ocsp isues with Apache in the last couple of years since ocsp support was added to mod_ssl. There is zero response on reported bugs, not even for the easiest fixable bug, not even for bugs on better documentation. Apache's mod_ssl has really the worst ocsp stapling implemenation ever and most peoply who just want to enable it will make their setup fragile. Fragile setups due to bad and unmaintained ocsp support in Apache is finally putting a bad reputation on ocsp technoloygy in general. It also puts bad reputation on Apache in general by the way. Please be so kind and drop all of the ocsp support from Apache's mod_ssl, because no ocsp support is better than  a bad and unmaintained ocsp support.