Hi Igor,
> Hi, list > > I enable OCSP with empty .ocsp file, but it seems not work, > https://www.ssllabs.com/ssltest/ reports "OCSP No". > > If do "openssl ocsp -issuer s.pem.issuer -cert s.pem -url > http://ocsp.startssl.com/sub/class2/server/ca -header "HOST" > "ocsp.startssl.com" -respout s.pem.ocsp", so it works, ssllabs reports > "OCSP Yes". > > May be like this issue: http://trac.nginx.org/nginx/ticket/465 ? Expected behavior. HAproxy has no dns resolver and does not automatically download ocsp informations. *YOU* need to provide the OCSP data externally, and haproxy will forward it. The nginx implementation does everything on its own, the haproxy implementation does absolutely not do that. Regards, Lukas
