Duane wrote:
Actually this wouldn't be an improvement and there is various reason why CRLs were replaced with OCSP, and OCSP revocation checks should be turned on by default, although I'd be more interested to see OCSP proxying by the website implemented to protect end user privacy.
That would be a great place for you to start your contributions to the Mozilla codebase :-) TLS Stapling is an open bug in Bugzilla.
Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
