OCSP Stapling with FR

Philippe MARASSE philippe.marasse at ch-poitiers.fr
Wed Dec 17 18:49:36 CET 2014


According to RFC 4366, during TLS handshake, server may send OCSP status 
along with certificate. Is it possible to do this with Freeradius ?

I had an issue with OS X < 10.9.5 using WiFi with EAP-TLS auth : my mac 
tried to do OCSP on my radius server's certificate before getting 
internet access... 20s timeout before getting connected !

I think it would be nice to issue OCSP stapling to WiFi clients so they 
can check the certificate revocation status offline.


Philippe MARASSE

Responsable pôle Infrastructures - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel :

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4326 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141217/b7a808e5/attachment.bin>

More information about the Freeradius-Users mailing list