Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCSP Stapling Support #609

Open
bstansberry opened this issue Sep 25, 2024 · 0 comments
Open

OCSP Stapling Support #609

bstansberry opened this issue Sep 25, 2024 · 0 comments
Labels
feature A proposed new WildFly feature

Comments

@bstansberry
Copy link
Contributor

Description

Online Certificate Status Protocol (OCSP) is one of the methods of checking whether or not a certificate is valid or not. It is a protocol for determining the status of a certificate and is described in RFC 2560.

Currently WildFly server supports raditional OCSP. However, it does not have support for OCSP stapling.

Traditional OCSP relies on the client to communicate with the OCSP server upon receiving a certificate to query the revocation status of the certificate. While this is still a valid approach, it impacts performance and privacy due to the direct client queries. OCSP stapling helps with this, as the server takes the responsibility of querying the CA's OCSP responder and "staples" the response to the certificate when sharing it during a TLS handshake. This feature implements the stapling support for OCSP for TLS handshakes.

Issue Contact

fjuma
@bstansberry bstansberry added the feature A proposed new WildFly feature label Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature A proposed new WildFly feature
Projects
WildFly Feature Planning
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bstansberry