> The "exim" server claims to support stapling (for incoming connections)

Yes, which isn't what I asked.

> The Must-Staple belongs to the certificate which was requested including "1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" in the CSR.

Does the exim server understand that extension? If, for example, exim was built with OpenSSL, then it does not handle that extension. What TLS stack was the server built with?

> OCSP Must-Staple certificates are getting more popular.

FWIW, I have not noticed this, but maybe I'm looking in the wrong places. On the other hand, nobody has raised the issue, nor made a pull request, with OpenSSL, so it can't be very popular yet.

/r$

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
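
The extension value quoted in the thread, decoded as an added example (not part of the original message, and not code from exim or OpenSSL). It parses the TLS Feature extension body defined in RFC 7633 (`Features ::= SEQUENCE OF INTEGER`) and reports whether `status_request` (5) is listed, which is what makes a certificate Must-Staple. The function names and the second sample value in the test are constructed for illustration.

```python
# Added example: decode a TLS Feature extension value (OID 1.3.6.1.5.5.7.1.24).
TLS_FEATURE_OID = "1.3.6.1.5.5.7.1.24"
STATUS_REQUEST = 5       # TLS extension number for status_request (OCSP stapling)
STATUS_REQUEST_V2 = 17   # TLS extension number for status_request_v2

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end

def parse_tls_features(der):
    """Parse Features ::= SEQUENCE OF INTEGER; return the feature numbers."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    features, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        if tag != 0x02 or not val:
            raise ValueError("expected INTEGER")
        features.append(int.from_bytes(val, "big", signed=True))
    return features

def is_must_staple(der):
    """True if the extension lists status_request (5)."""
    return STATUS_REQUEST in parse_tls_features(der)

def from_openssl_der_string(s):
    """Convert the 'DER:30:03:...' form quoted in the thread to bytes."""
    if not s.startswith("DER:"):
        raise ValueError("not a DER: string")
    return bytes.fromhex(s[4:].replace(":", ""))

# The value quoted in the thread: SEQUENCE { INTEGER 5 }
MUST_STAPLE = from_openssl_der_string("DER:30:03:02:01:05")
```

A client or server TLS stack that does not recognise this OID treats the certificate as an ordinary one, so checking for the extension has to be paired with checking that a stapled OCSP response was actually received.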