Matthew Newton mcn4 at
Wed Nov 25 15:40:20 CET 2015

On Wed, Nov 25, 2015 at 02:21:16PM +0000, Scott Armitage wrote:
> I might be doing something wrong but I can’t seem to find the
> cache_ocsp module anywhere which is called in the tls-cache
> server:

I thought the whole point of OCSP was that it was supposed to be a
lightweight and quickly updated alternative to CRLs, and therefore
caching it doesn't make sense from a security point of view?

Though I guess a cache of a couple of hours or so is unlikely to
hurt (until the cert is revoked because of a security incident).


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list