(revisit ELB capabilities)
| Line 181: | Line 181: | ||
= OCSP Stapling = | = OCSP Stapling = | ||
When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and takes forever to download | When connecting to a server, clients should verify the validity of the server certificate using either a Certificate Revocation List (CRL), or an Online Certificate Status Protocol (OCSP) record. The problem with CRL is that the lists have grown huge and takes forever to download. | ||
OCSP is much more lightweight, as only one record is retrieved at a time. But the side effect is that OCSP requests must be made to a 3rd party OCSP responder when connecting to a server, which adds latency and potential failures. In fact, the OCSP responders operated by CAs are often so unreliable that browser will fail silently if no response is received in a timely manner. This reduces security, by allowing an attacker to DoS an OCSP responder to disable the validation. | |||
The location of the OCSP responder is taken from the Authority Information Access field of the signed certificate. For example, with StartSSL: | The solution is to allow the server to send its cached OCSP record during the TLS handshake, therefore bypassing the OCSP responder. This mechanism saves a roundtrip between the client and the OCSP responder, and is called OCSP Stapling. | ||
The server will send a cached OCSP response only if the client requests it, by announcing support for the '''status_request''' TLS extension in its CLIENT HELLO. | |||
Most servers will cache OCSP response for up to 48 hours. At regular intervals, the server will connect to the OCSP responder of the CA to retrieve a fresh OCSP record. The location of the OCSP responder is taken from the Authority Information Access field of the signed certificate. For example, with StartSSL: | |||
<pre> | <pre> | ||
Authority Information Access: | Authority Information Access: | ||
OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca | OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca | ||
</pre> | |||
Support for OCSP Stapling can be tested using the '''-status''' option of the OpenSSL client. | |||
<pre> | |||
$ openssl s_client -connect monitor.mozillalabs.com:443 -status | |||
... | |||
====================================== | |||
OCSP Response Data: | |||
OCSP Response Status: successful (0x0) | |||
Response Type: Basic OCSP Response | |||
Version: 1 (0x0) | |||
... | |||
</pre> | </pre> | ||
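Review bot: The new paragraph's wording "therefore bypassing the OCSP responder" is misleading and should be narrowed to the client side: stapling spares the client a round trip to the responder, but the following paragraph itself states that the server still connects to the responder "at regular intervals" to refresh its cached record, so the responder is not bypassed, only moved off the handshake's critical path. In the same region, "Most servers will cache OCSP response for up to 48 hours" is stated without qualification; the cache is bounded by the validity period carried in the OCSP response, and a stapled response that has expired gives the client nothing to validate, so the text should say the server must refresh before the cached response expires rather than quote a fixed figure. Finally, the openssl s_client -status example only shows the successful case ("OCSP Response Status: successful"); adding the output seen when a server staples nothing would let a reader recognise a misconfigured server, which is the case this check exists to catch. Minor style point: "CLIENT HELLO" should be written as the TLS message name, ClientHello.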