[gnutls-devel] Interaction between TLS session resumption and the OCSP must-staple certificate extension

Tim Kosse tim.kosse at filezilla-project.org
Tue Jun 27 08:52:51 CEST 2017

Hi TJ,

On 27.06.2017 08:37, TJ Saunders wrote:
> Not all FTP servers require session resumption for their data
> connections, so to be thorough, I assume FileZilla would want to ensure
> that the TLS session for the data connection was indeed resumed, before
> going on to ignore a missing OCSP response for that resumed TLS session?

Correct, ignoring the missing OCSP response on a non-resumed session
would be a really bad idea.

> There *is* a ProFTPD (or rather, an OpenSSL) bug, for which I've filed
> this ticket:
>   https://github.com/proftpd/proftpd/issues/528
> The above specifically cites text from RFC 6066, which covers dealing
> with TLS extensions and resumed sessions.  That text, fortunately,
> covers the case of the "status_request" extension; it does not, sadly,
> also cover the case of the "must-staple" X509v3 extension.

Thanks for linking this issue.

I'm not sure your conclusion to not staple the OCSP response is quite
correct, note RFC 6606 saying "In this case, the
functionality of these extensions negotiated during the original
session initiation is applied to the resumed session."

The way I understand it, the server, even though replying with empty
extensions on server hello, must otherwise behave as if the extensions
were initially negotiated and thus the CertficateStatus handshake packet
should be sent.


More information about the Gnutls-devel mailing list