  #1  
Old 09-30-2015, 11:19 AM
Deepika Behal Deepika Behal is offline
Member
 
Join Date: Sep 2015
Posts: 37
what is OCSP Must-Staple?

Need some information
  #2  
Old 09-30-2015, 11:37 AM
Dipsy Jones Dipsy Jones is offline
Member
 
Join Date: Sep 2015
Posts: 49

The OCSP Must-Staple solution can help resolve the OCSP problem. If the Web server could securely tell the browser that it supported OCSP Stapling, then the browser would know to expect an OCSP-stapled response. And if no response was received, the browser could hard-fail.

The website administrator has to determine if their site will support OCSP Must-Staple. First, they will have to have their website support OCSP stapling, then they must add the OCSP Must-Staple flag. The design is not finalized, but the OCSP Must-Staple flag can be implemented in two ways:
1. Must-Staple Assertion in the SSL Certificate
2. Must-Staple Assertion in the SSL Header

OCSP Must-Staple removes most of the issues with traditional revocation checking and allows the browsers to implement a hard-fail policy. Although there are some cons listed, these are basically items that will be resolved as the deployed browsers and Web servers support OCSP Stapling and Must-Staple.
  #3  
Old 12-22-2015, 07:15 AM
jamesnader jamesnader is offline
Junior Member
 
Join Date: Dec 2015
Posts: 7

OCSP stands for Online Certificate Status Protocol. It's a protocol for determining whether a certificate is revoked. Every time a browser connects to an HTTPS website, it connects to the OCSP in the SSL certificate and asks if the certificate is revoked; if it is, the browser blocks the page from loading.
  #4  
Old 07-14-2016, 10:55 PM
VinaHost Support VinaHost Support is offline
Junior Member
 
Join Date: Jul 2016
Posts: 1

Here is a summary of OCSP Must-Staple:

+ OCSP Must-Staple (assertion in certificate) : The flag is implemented as a specific object identifier (OID) extension in the SSL certificate
-> Pros : No “first visit” problem – all connections to the Web Server carry the Must-Staple flag.
-> Cons : Web server needs a certificate issued with the OCSP Must-Staple flag.

+ OCSP Must-Staple (assertion in HTTP Response) : The flag is implemented as an HTTP Response Header
-> Pros : Works with existing SSL certificate.
-> Cons : “First visit” problem

OCSP Must-Staple removes most of the issues with traditional revocation checking, and allows the browsers to implement a hard-fail policy. Although there are some cons listed, these are basically items that will be resolved as the deployed browsers and Web servers support OCSP Stapling and Must-Staple.

Currently, all of the new desktop browsers support OCSP stapling. Regarding Web servers, Microsoft IIS by default supports OCSP Stapling and versions of Apache and Nginx can be configured to support OCSP Stapling. Other servers such as F5 will soon support OCSP Stapling as well.
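Added illustration (not part of any post above, and not any browser's or vendor's code): the certificate variant of Must-Staple was standardized in RFC 7633 as the TLS Feature extension, OID 1.3.6.1.5.5.7.1.24. This sketch finds that extension in a DER-encoded extension list and models the hard-fail decision the thread describes; the sample bytes and function names are constructed for the example, and "fallback" stands for the client's ordinary revocation behaviour.

```python
# Added illustration; standard library only. All byte strings are constructed samples.
MUST_STAPLE_OID = bytes.fromhex("2b06010505070118")  # 1.3.6.1.5.5.7.1.24 (TLS Feature)
STATUS_REQUEST = 5  # TLS extension number used for OCSP stapling

def read_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each DER element packed inside value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def has_must_staple(extensions_der):
    """True if the Extensions SEQUENCE holds TLS Feature listing status_request."""
    tag, exts, _ = read_tlv(extensions_der)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE of extensions")
    for _, ext in children(exts):
        parts = list(children(ext))  # OID, optional critical BOOLEAN, OCTET STRING
        if len(parts) < 2 or parts[0] != (0x06, MUST_STAPLE_OID):
            continue
        _, features, _ = read_tlv(parts[-1][1])  # SEQUENCE OF INTEGER
        return any(t == 0x02 and int.from_bytes(v, "big") == STATUS_REQUEST
                   for t, v in children(features))
    return False

def client_decision(extensions_der, valid_staple):
    """Model of the policy: a missing staple is fatal only under Must-Staple."""
    if valid_staple:
        return "accept"
    return "hard-fail" if has_must_staple(extensions_der) else "fallback"

def seq(body):
    return b"\x30" + bytes([len(body)]) + body  # short-form length only

BASIC_CONSTRAINTS = bytes.fromhex("300c0603551d130101ff04023000")
TLS_FEATURE = bytes.fromhex("301106082b0601050507011804053003020105")
EXTS_PLAIN = seq(BASIC_CONSTRAINTS)
EXTS_MUST_STAPLE = seq(BASIC_CONSTRAINTS + TLS_FEATURE)
```

The same certificate yields "accept" with a valid staple and "hard-fail" without one, which is why the server must have stapling working before a Must-Staple certificate is deployed.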