Hi,

On Sun, Sep 6, 2020 at 11:16 AM Matthias Pfau <[email protected]> wrote:
>
> Hi there,
> we just had some problems with OCSP stapling as we did not receive responses
> from OCSP responder which ultimately led to qtp threadpool congestion.
>
> We enabled OCSP stapling by setting
> "jdk.tls.server.enableStatusRequestExtension" to true. A thread dump revealed
> that nearly all threads were waiting on the OCSP responder's answers (see
> https://gist.github.com/mpfau/5fb8a4ffdf3f7b62c5856b5ef27b8f0a for a thread
> stack).
>
> I thought that server side OCSP stapling had been implemented in a lazy
> async fashion but it does not seem like this is the case. Did anyone else
> experience this or has found a solution? Is this a JDK or a jetty problem?

It is a JDK issue, since Jetty does not control how OCSP requests are
made, it delegates them to the JDK.
Please open an issue at https://bugreport.java.com/

> Would also be nice if one could define which interface/ip should be used to
> send OCSP requests. Is that possible?

That should be possible by setting the OCSP responderURL via
`SslContextFactory.setOcspResponderURL(String)`.
Have you tried already?

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
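
Added example, not part of the thread and not code from Jetty or from either poster: a startup helper that sets the JDK's documented server-side stapling properties so the wait for an OCSP response is bounded and cached responses are reused. The class name and the values (1000 ms, 1024 entries, 1 hour) are assumptions for illustration.

```java
import java.time.Duration;

public final class StaplingTuning {
    // JDK system properties from the JSSE Reference Guide (JDK 9 and later).
    static final String ENABLE = "jdk.tls.server.enableStatusRequestExtension";
    static final String TIMEOUT_MS = "jdk.tls.stapling.responseTimeout";     // default 5000
    static final String CACHE_SIZE = "jdk.tls.stapling.cacheSize";           // default 256
    static final String CACHE_LIFETIME_S = "jdk.tls.stapling.cacheLifetime"; // default 3600

    /** Call before the server's SSLContext is created. */
    static void apply(Duration maxWait, int cacheEntries, Duration cacheLifetime) {
        if (maxWait.isZero() || maxWait.isNegative())
            throw new IllegalArgumentException("maxWait must be positive");
        if (cacheEntries <= 0)
            throw new IllegalArgumentException("cacheEntries must be positive");
        if (cacheLifetime.getSeconds() <= 0)
            throw new IllegalArgumentException("cacheLifetime must be at least 1s");

        setIfAbsent(ENABLE, "true");
        // Upper bound on how long the server spends obtaining OCSP responses.
        setIfAbsent(TIMEOUT_MS, Long.toString(maxWait.toMillis()));
        // Responses cached here are reused instead of contacting the responder again.
        setIfAbsent(CACHE_SIZE, Integer.toString(cacheEntries));
        setIfAbsent(CACHE_LIFETIME_S, Long.toString(cacheLifetime.getSeconds()));
    }

    // Values given with -D on the command line take precedence over these defaults.
    private static void setIfAbsent(String key, String value) {
        if (System.getProperty(key) == null) {
            System.setProperty(key, value);
        }
    }

    public static void main(String[] args) {
        // Assumed values for illustration only.
        apply(Duration.ofMillis(1000), 1024, Duration.ofHours(1));
        for (String key : new String[] {ENABLE, TIMEOUT_MS, CACHE_SIZE, CACHE_LIFETIME_S}) {
            System.out.println(key + "=" + System.getProperty(key));
        }
    }
}
```

This bounds the stall rather than removing it: with no cached response and an unreachable responder, a handshake can still wait up to the configured timeout before continuing without a stapled response.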
