OCSP Stapling with FR
Philippe MARASSE
philippe.marasse at ch-poitiers.fr
Wed Dec 17 18:49:36 CET 2014
Folks,
According to RFC 4366, during TLS handshake, server may send OCSP status
along with certificate. Is it possible to do this with Freeradius ?
I had an issue with OS X < 10.9.5 using WiFi with EAP-TLS auth : my mac
tried to do OCSP on my radius server's certificate before getting
internet access... 20s timeout before getting connected !
I think it would be nice to issue OCSP stapling to WiFi clients so they
can check the certificate revocation status offline.
Regards.
--
Philippe MARASSE
Responsable pôle Infrastructures - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4326 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141217/b7a808e5/attachment.bin>
More information about the Freeradius-Users
mailing list