66657 – Support for OCSP Caching

Bug 66657 - Support for OCSP Caching

Summary: Support for OCSP Caching

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.5-HEAD
Hardware:	All All

Importance:	P2 enhancement (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-19 10:47 UTC by davide schiaroli
Modified:	2023-06-19 10:57 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description davide schiaroli 2023-06-19 10:47:35 UTC

For a variety of purpose it can be very useful to support ocsp response caching, in a scenario where stapling is NOT enabled. Currently stapling cahcing is working, so why not implement the same mechanism in standard ocsp? It's this ever been thinked of? Is there are a reason that make this request impossible, I'll appreciate every comment, thanks, DS.

Comment 1 Stefan Eissing 2023-06-19 10:51:16 UTC

There is an alternative in the `mod_md` module that provides stapling with caching to disk and renewal before the stapling timeout expires. See <https://httpd.apache.org/docs/2.4/mod/mod_md.html#mdstapling>.

Comment 2 davide schiaroli 2023-06-19 10:53:19 UTC

Does this work if I don't want stapling? Example: In my configuration, i want to use SSLOCSPEnable On, and SSLUseStapling off

Comment 3 Stefan Eissing 2023-06-19 10:57:07 UTC

No, this is for adding stapling information to TLS handshake to the client. It will not help you with managing stapling of client certificates.

Sorry if I misunderstood your original question.