ocsp-stapling through http proxy?
    rainer at ultra-secure.de 
    Thu Oct 13 10:25:44 UTC 2016
    
    
  
Hi,
we have been informed by our CA that they will be moving their 
OCSP-servers to "the cloud" - it was a fixed set of IPs before.
These fixed sets could relatively easily be entered as firewall rules 
(and hosts-file entries, should DNS-resolution be unavailable).
Of course, they could as easily be targeted by Script-Kiddies and 
Wannabe-Hackers as targets for a DDoS.
As such, I would need to allow outbound http-connections to the whole 
internet, which is kind of exactly the opposite of what I want to do.
And that's ignoring for a moment the necessity to allow outbound DNS...
It would be cool if nginx would be able to do the stapling through a 
http-proxy.
Rainer
    
    