[gnutls-devel] Interaction between TLS session resumption and the OCSP must-staple certificate extension
Tim Kosse
tim.kosse at filezilla-project.org
Wed Jun 28 09:28:35 CEST 2017
Hi,
On 2017-06-27 09:13, Ander Juaristi wrote:
> what happens if the certificate has been revoked in the time span
> between the initial session establishment and the later resumption?
>
> The client can check that by sending a "normal" OCSP status request,
> but would lose the benefit of stapled OCSP?

It's not much of a deal. On a non-resumed handshake the server can still
use the revoked certificate for a while if it keeps stapling the old
OCSP response until it expires.
Regards,
Tim