On 06/09/2016 16:43, Martin Rublik wrote:
On Tue, Sep 6, 2016 at 2:16 PM, Jakob Bohm <[email protected]> wrote:
Here are a list of software where I have personally observed bad OCSP
stapling support:
IIS for Windows Server 2008 (latest IIS supporting pure 32 bit
configurations): No obvious (if any) OCSP stapling support.
AFAIK IIS 7.0 supports OCSP stapling and it is enabled by default, for more
information see https://unmitigatedrisk.com/?p=95 or
https://www.digicert.com/ssl-support/windows-enable-ocsp-stapling-on-server.htm
Nice surprise (if true), this was unreasonably well hidden, for example
there is no indication of this in any relevant parts of the
administration user interface. I'll have to device a test to check if
it actually does staple OCSP on our servers.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
