On Wed, Nov 25, 2015 at 02:21:16PM +0000, Scott Armitage wrote:
I might be doing something wrong but I can’t seem to find the cache_ocsp module anywhere which is called in the tls-cache server:
I thought the whole point of OCSP was that it was supposed to be a lightweight and quickly updated alternative to CRLs, and therefore caching it doesn't make sense from a security point of view? Though I guess a cache of a couple of hours or so is unlikely to hurt (until the cert is revoked because of a security incident). Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>