This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 33c74c7a Remove OSCP stapling
33c74c7a is described below
commit 33c74c7a5d47335285a9929511f875ef9d092285
Author: Dave Fisher <[email protected]>
AuthorDate: Wed Mar 11 10:49:25 2026 -0700
Remove OSCP stapling
---
atr/docs/tls-security-configuration.md | 24 ------------------------
1 file changed, 24 deletions(-)
diff --git a/atr/docs/tls-security-configuration.md
b/atr/docs/tls-security-configuration.md
index e1c53a0c..ba0d1da8 100644
--- a/atr/docs/tls-security-configuration.md
+++ b/atr/docs/tls-security-configuration.md
@@ -14,7 +14,6 @@
* [Cipher suites (TLS 1.2)](#cipher-suites-tls-12)
* [Cipher ordering](#cipher-ordering)
* [Session security](#session-security)
-* [OCSP stapling](#ocsp-stapling)
* [Security properties of this
configuration](#security-properties-of-this-configuration)
* [Summary](#summary)
@@ -181,29 +180,6 @@ TLS compression is disabled to prevent attacks such as
**CRIME**, which exploit
---
-## OCSP stapling
-
-```apache
-SSLUseStapling on
-SSLStaplingCache shmcb:/var/run/ocsp(128000)
-```
-
-OCSP stapling allows the server to provide certificate revocation status
directly during the TLS handshake.
-
-Benefits include:
-
-* Faster TLS connections
-* Reduced load on certificate authority OCSP servers
-* Improved privacy (clients do not contact the CA directly)
-
-The stapling response is cached in shared memory:
-
-```bash
-/var/run/ocsp
-```
-
----
-
## Security properties of this configuration
This TLS configuration provides the following protections:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
