https://bz.apache.org/bugzilla/show_bug.cgi?id=62911

            Bug ID: 62911
           Summary: Add support for proxying OCSP requests via ProxyHost
                    and ProxyPort in Tomcat
           Product: Tomcat 7
           Version: 7.0.70
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: usma...@ieml.ru
  Target Milestone: ---

Please add support for specifying proxyHost and ProxyPort for OCSP requests in
Tomcat.

I have a webapp which runs on Tomcat 7.0.70 on RHEL 6.9 and Java 7, using
APR/Tomcat Native for SSL/TLS. Tomcat sits behind a proxy.
I can't get OCSP stapling working.
I tried using proxyName and proxyPort in the Connector in server.xml, hoping
that this would also proxy OCSP requests in Tomcat, but the SSL Labs test still
shows OCSP stapling "No" for my server.

Given the fact that most of the OCSP responders specified in SSL certificates,
such as Comodo, actually resolve to many changing IP addresses, it becomes
really hard/impossible to specify any firewall rule to manually proxy OCSP
requests, since these firewalls typically operate with IP addresses, not
hostnames. The inability to specify a proxy host/port or to specify a file from
which the stapled OCSP response could be taken makes OCSP unavailable in many
corporate environments, where internet access is typically granted via a proxy.
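
The symptom in this report (SSL Labs showing no stapling) can be checked locally from the output of `openssl s_client -status`. The script below is an added example, not part of the original bug report or of Tomcat; the function names `classify_stapling` and `check_stapling` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Classify OCSP stapling from the text `openssl s_client -status` prints.
# Reads that text on stdin; prints one word describing the result.
classify_stapling() {
    _out=$(cat)
    case "$_out" in
        *"OCSP response: no response sent"*)
            echo "not-stapled" ;;
        *"OCSP Response Status: successful"*)
            # A staple is only useful if it vouches for the certificate.
            case "$_out" in
                *"Cert Status: good"*)    echo "stapled-good" ;;
                *"Cert Status: revoked"*) echo "stapled-revoked" ;;
                *)                        echo "stapled-unknown" ;;
            esac ;;
        *"OCSP Response Status:"*)
            # Responder error (for example tryLater) relayed by the server.
            echo "stapled-error" ;;
        *)
            echo "no-status-output" ;;
    esac
}

# Live check against a server (hypothetical helper; needs network access).
# Usage: check_stapling HOST [PORT]
check_stapling() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -status \
        </dev/null 2>/dev/null | classify_stapling
}

# Constructed samples of the relevant s_client output lines.
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent
---'
SAMPLE_GOOD='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
---'

printf '%s\n' "$SAMPLE_NONE" | classify_stapling   # not-stapled
printf '%s\n' "$SAMPLE_GOOD" | classify_stapling   # stapled-good
```

A server that cannot reach the responder typically shows up as `not-stapled`, so running `check_stapling` before and after a network change shows whether the responder became reachable.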
