Re: [TLS] OCSP stapling problem

2018-12-19 Thread Bill Frantz
On 12/19/18 at 11:15 AM, ietf-d...@dukhovni.org (Viktor Dukhovni) wrote:
> What I'd rather see is automation of certificate rotation, and
> increasingly (decreasingly?) short certificate lifetimes as
> with Let's Encrypt.

I think what you wanted to say was "increasingly shorter certificate

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Viktor Dukhovni
On Wed, Dec 19, 2018 at 01:40:43PM -0500, Viktor Dukhovni wrote:
> To that end, please post a "tshark" decode of a TLS 1.2 handshake
> (thus avoiding encrypted handshake records that make much of the
> TLS 1.3 handshake opaque, and your tshark may not yet support TLS
> 1.3).

With reference to

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Viktor Dukhovni
On Wed, Dec 19, 2018 at 03:47:25PM +0100, T.Tributh wrote:
> Shall I open a ticket for openssl?

Before you do that, it would be good to have clarity about the specific behaviour you're seeing and how it differs from what you want, and whether you want to see changes in the client or in the

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Salz, Rich
> Shall I open a ticket for openssl? GnuTLS also seems not to be able to staple the status_response when in client mode.

Feel free. One possible result is that the OpenSSL maintainers will say that this is more about integration for the different servers that accept client

Re: [TLS] OCSP stapling problem

2018-12-19 Thread T.Tributh
On 19.12.18 at 14:20, Rob Stradling wrote:
> On 19/12/2018 13:13, Salz, Rich wrote:
>>> OpenSSL already has some support for Must-Staple:
>>> https://github.com/openssl/openssl/pull/495
>>
>> Oops, yeah, you're aright. But it's not really documented and not hooked up
>> to any

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Rob Stradling
On 19/12/2018 13:13, Salz, Rich wrote:
>> OpenSSL already has some support for Must-Staple:
>> https://github.com/openssl/openssl/pull/495
>
> Oops, yeah, you're aright. But it's not really documented and not hooked up
> to any popular server, is it?

OpenSSL can parse it, but that's

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Salz, Rich
> OpenSSL already has some support for Must-Staple:
> https://github.com/openssl/openssl/pull/495

Oops, yeah, you're aright. But it's not really documented and not hooked up to any popular server, is it? OpenSSL can parse it, but that's about it.

Re: [TLS] OCSP stapling problem

2018-12-19 Thread Rob Stradling
On 19/12/2018 01:18, Salz, Rich wrote:
>> The "exim" server claims to support stapling (for incoming connections)
>
> Yes, which isn't what I asked.
>
>> The Must-Staple belongs to the certificate which was requested
> including "1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05"
>

Re: [TLS] OCSP stapling problem

2018-12-18 Thread Salz, Rich
>The "exim" server claims to support stapling (for incoming connections) Yes, which isn't what I asked. >The Must-Staple belongs to the certificate which was requested including "1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" in the CSR. Does the exim server understand that

Re: [TLS] OCSP stapling problem

2018-12-18 Thread T.Tributh
On 18.12.18 at 15:57, Salz, Rich wrote:
> Does the server claim to support must-staple?
> The "exim" server claims to support stapling (for incoming connections)

The Must-Staple belongs to the certificate which was requested including "1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" in the CSR.

Re: [TLS] OCSP stapling problem

2018-12-18 Thread Salz, Rich
Does the server claim to support must-staple?

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls