I've been looking at the tomcatjss' JSSSocketFactory to see how OCSP is initialized on server startup using manager.configureOCSP(true, ocspResponderURL,ocspResponderCertNickname);
Presumably in the context of tomcatjss, the OCSP is intended for revocation checking external clients connecting to the tomcat server. In the case where the tomcat server (Server-A) is a TLS client and the same socket implantation is used to connect to another TLS Server (Server-B), will OCSP be invoked to revocation check the server certificate of Server-B? Or does the manager.configureOCSP() only apply in the case where Server-A is a server and not a client? Thanks -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto