mcn4 at leicester.ac.uk
Wed Nov 25 15:40:20 CET 2015
On Wed, Nov 25, 2015 at 02:21:16PM +0000, Scott Armitage wrote:
> I might be doing something wrong but I can’t seem to find the
> cache_ocsp module anywhere which is called in the tls-cache
I thought the whole point of OCSP was that it was supposed to be a
lightweight and quickly updated alternative to CRLs, and therefore
caching it doesn't make sense from a security point of view?
Though I guess a cache of a couple of hours or so is unlikely to
hurt (until the cert is revoked because of a security incident).
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users