Hi,

we have been informed by our CA that they will be moving their OCSP-servers to "the cloud" - it was a fixed set of IPs before. These fixed sets could relatively easily be entered as firewall rules (and hosts-file entries, should DNS-resolution be unavailable). Of course, they could as easily be targeted by Script-Kiddies and Wannabe-Hackers as targets for a DDoS.


As such, I would need to allow outbound http-connections to the whole internet, which is kind of exactly the opposite of what I want to do.
And that's ignoring for a moment the necessity to allow outbound DNS...

It would be cool if nginx would be able to do the stapling through a http-proxy.



Rainer


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to