[SERVER-49277] Staple unknown OCSP responses
Created: 02/Jul/20 Updated: 06/Dec/22

| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Shreyas Kalyan | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Server Security |

Description

Currently, when the server receives a STATUS_UNKNOWN response about a certificate from an OCSP responder, it does not staple the response. If the server stapled this response, it would be able to cut down on the latency for drivers. This will require changes to the logic in the strong weak finish line of dispatchRequests. This change would only occur on OpenSSL.