On Mon, May 04, 2015 at 12:28:02 +0200, Vincent Lefevre wrote:
> On 2015-05-04 10:57:36 +0200, Alessandro Ghedini wrote:
> > --cert-status only checks for the status_request TLS extension which is not
> > supported by most servers (which means curl will fail by default on most
> > requests). So no, curl will not enable the option by default, at least until
> > status_request catches on.
>
> OK, if I understand, it just supports OCSP stapling, not plain OCSP.
> So, why not use plain OCSP if no OCSP stapling information is
> received?

Plain OCSP has several problems (increased latency, privacy concerns, and general unreliability) so there's little chance it will be implemented, let alone enabled by default.

Cheers