https://bz.apache.org/bugzilla/show_bug.cgi?id=60182
--- Comment #14 from [email protected] --- @ Ruediger Pluem Thanks for merging this into trunk. A little unexpected because I targeted them initially for the 2.4 branch. In trunk as it stands, it is not really an option to run with FakeTryLater off because then a DOS of the OCSP responder is immediately fatal for any new TLS connection with OCSP staple request when the cache runs out. Also I would caution that with the present state of Firefox it is not an option to run with ReturnResponderErrors set on. So that leaves only `SSLStaplingReturnResponderErrors off` and `SSLStaplingFakeTryLater on` as somewhat robust OCSP stapling config for mod_ssl on its own. I do realize that these patches do not exactly address the title issue of this bug. The changes are actually far more appropiate for https://bz.apache.org/bugzilla/show_bug.cgi?id=57121. So maybe they should be posted there for Fixed and PatchAvailable. I am curious also, is there any chance of these changes merging into a 2.4.42 version perhaps? It would be a shame if it never reaches the 2.4 branch, because then there really is no hope to even get it into a Ubuntu 20 LTS for example as an SRU. mod_md 2.2+ would be an option to work on there. Thanks for the follow-up. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
