OCSP stapling limitations (was Re: [PATCH 0 of 4] OCSP stapling)
Rob Stradling
rob.stradling at comodo.com
Fri Oct 4 12:25:25 UTC 2013
On 05/09/12 12:14, Maxim Dounin wrote:
> Hello!
>
> Here are patches for OCSP stapling support. Testing and
> review appreciated.
<snip>
> Known limitations:
>
> - Unless an externally set OCSP response is used (via the "ssl_stapling_file"
> directive), the stapled response won't be sent in the first connection. This
> is due to the fact that OCSP responders are currently queried by nginx
> once it receives a connection with the certificate_status extension in ClientHello,
> and due to limitations in the OpenSSL API (the certificate status callback is
> blocking).
Hi Maxim. This limitation is turning out to be a problem, for several
reasons:
1. In some situations, the limitation appears to be amplified - there
are more "first connections" than you might expect. Netcraft reported
[1] that:
"Fewer than 50% of the CloudFlare IP addresses responded with an OCSP
response stapled on the first non-discarded connection attempt. Even
after 20 requests, the response rate is not consistent, some IP
addresses still fail to staple an OCSP response on each and every SSL
connection. This inconsistent behaviour may be down to a number of
separate machines responding to the same IP address either in different
locations, or behind a load balancer."
2. The CA/Browser Forum are defining a "must staple" certificate
extension [2], which we anticipate that browsers (e.g. [3]) will
recognize and enforce, by aborting the TLS handshake if a stapled OCSP
response was not sent.
3. Google are planning [4] to require the use of Certificate
Transparency (CT) [5], and this plan expects OCSP Stapling to work reliably.
What work needs to be done to enable Nginx to send a stapled OCSP
response every time (without having to use the "ssl_stapling_file"
directive)?
Could you work around the fact that the OpenSSL certificate status
callback is blocking? Or would you absolutely require a non-blocking
alternative to be available?
(Ben Laurie, who is on both the OpenSSL and CT teams, told me recently:
"If there's changes needed to OpenSSL, it'd be helpful to know sooner
rather than later.")
Thanks.
[1]
http://news.netcraft.com/archives/2013/07/19/microsoft-achieves-world-domination-in-ocsp-stapling.html
[2] http://tools.ietf.org/html/draft-hallambaker-muststaple-00
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=901698
[4] http://www.ietf.org/mail-archive/web/tls/current/msg10083.html
[5] http://tools.ietf.org/html/rfc6962
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
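The "first connection" gap and the per-IP inconsistency described above can be measured from the client side with repeated `openssl s_client -status` handshakes. The following probe is an added example, not code from the thread or from nginx; it assumes the `openssl` command-line tool is on PATH, and the host name passed on the command line is a placeholder for a server you operate.

```python
import re
import subprocess
from typing import List, Optional

# Marker strings printed by `openssl s_client -status` for the status_request result.
_STAPLED = re.compile(r"OCSP Response Status:\s*(\w+)")
_NO_RESPONSE = "OCSP response: no response sent"
_CERT_STATUS = re.compile(r"Cert Status:\s*(\w+)")


def classify_staple(s_client_output: str) -> str:
    """Classify one handshake: 'stapled:<cert status>', 'stapled-error:<status>',
    'missing' (handshake done, no response stapled: the symptom in the thread),
    or 'unknown' (output not recognised, e.g. connection failure)."""
    if _NO_RESPONSE in s_client_output:
        return "missing"
    m = _STAPLED.search(s_client_output)
    if m and m.group(1) == "successful":
        cs = _CERT_STATUS.search(s_client_output)
        return "stapled:" + (cs.group(1) if cs else "unparsed")
    if m:
        return "stapled-error:" + m.group(1)
    return "unknown"


def summarize(results: List[str]) -> dict:
    """Reduce per-connection classifications to the numbers that matter here:
    did the first connection staple, and how consistent is stapling overall?"""
    stapled = [r.startswith("stapled:") for r in results]
    first_at: Optional[int] = next((i + 1 for i, s in enumerate(stapled) if s), None)
    return {
        "attempts": len(results),
        "first_connection_stapled": bool(stapled) and stapled[0],
        "stapled_count": sum(stapled),
        "first_stapled_at": first_at,
    }


def probe(host: str, attempts: int = 20, port: int = 443, timeout: float = 10.0) -> dict:
    """Open `attempts` fresh TLS connections that send the status_request
    extension and record whether each one received a stapled OCSP response."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}",
           "-servername", host, "-status"]
    results = []
    for _ in range(attempts):
        proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
        results.append(classify_staple(proc.stdout.decode("utf-8", "replace")))
    return {"host": host, "per_connection": results, **summarize(results)}


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))  # argv[1]: hostname of a server you operate (placeholder)
```

A load-balanced address that shows `first_stapled_at` well past 1, or a `stapled_count` below `attempts`, is exhibiting the behaviour Netcraft reported.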