[gnutls-devel] Interaction between TLS session resumption and the OCSP must-staple certificate extension

TJ Saunders tj at castaglia.org
Tue Jun 27 19:40:48 CEST 2017


> On 27.06.2017 08:37, TJ Saunders wrote:
> > Not all FTP servers require session resumption for their data
> > connections, so to be thorough, I assume FileZilla would want to ensure
> > that the TLS session for the data connection was indeed resumed, before
> > going on to ignore a missing OCSP response for that resumed TLS session?
> 
> Correct, ignoring the missing OCSP response on a non-resumed session
> would be a really bad idea.

Also, on the topic of how a client might handle the case where the TLS
session is resumed, and the server certificate bears the "must staple"
X509v3 extension, I think Section 4.2.3.1 of RFC 7633 is relevant:

  https://tools.ietf.org/html/rfc7633#section-4.2.3.1

Specifically:

   "A client MAY accept a TLS configuration despite it being
   inconsistent
    with the TLS feature declaration if the validity of the certificate
    chain presented can be established through other means (for example,
    by successfully obtaining the OCSP data from another source)."

If the server does not provide the stapled OCSP response in the resumed
session (per RFC 6066), and the server certificate contains that "must
staple" X509v3 extension, then the client might choose to accept the
handshake anyway -- on the _assumption_ that the client did already
verify that a stapled OCSP response was provided as part of another
source -- the original TLS handshake.

Cheers,
TJ



More information about the Gnutls-devel mailing list