OCSP stapling limitations (was Re: [PATCH 0 of 4] OCSP stapling)

Rob Stradling rob.stradling at comodo.com
Fri Oct 4 12:25:25 UTC 2013 

On 05/09/12 12:14, Maxim Dounin wrote:
> Hello!
>
> Here are patches for OCSP stapling support.  Testing and
> review appreciated.
<snip>
> Known limitations:
>
> - Unless externally set OCSP response is used (via the "ssl_stapling_file"
>    directive), stapled response won't be sent in a first connection.  This
>    is due to the fact that OCSP responders are currently queried by nginx
>    once it receives connection with certificate_status extension in ClientHello,
>    and due to limitations in OpenSSL API (certificate status callback is
>    blocking).

Hi Maxim.  This limitation is turning out to be a problem, for several 
reasons:

1. In some situations, the limitation appears to be amplified - there 
are more "first connections" than you might expect.  Netcraft reported 
[1] that:
   "Fewer than 50% of the CloudFlare IP addresses responded with an OCSP 
response stapled on the first non-discarded connection attempt. Even 
after 20 requests, the response rate is not consistent, some IP 
addresses still fail to staple an OCSP response on each and every SSL 
connection. This inconsistent behaviour may be down to a number of 
separate machines responding to the same IP address either in different 
locations, or behind a load balancer."

2. The CA/Browser Forum are defining a "must staple" certificate 
extension [2], which we anticipate that browsers (e.g. [3]) will 
recognize and enforce, by aborting the TLS handshake if a stapled OCSP 
response was not sent.

3. Google are planning [4] to require the use of Certificate 
Transparency (CT) [5], and this plan expects OCSP Stapling to work reliably.

What work needs to be done to enable Nginx to send a stapled OCSP 
response every time (without having to use the "ssl_stapling_file" 
directive)?

Could you work around the fact that the OpenSSL certificate status 
callback is blocking?  Or would you absolutely require a non-blocking 
alternative to be available?
(Ben Laurie, who is on both the OpenSSL and CT teams, told me recently: 
"If there's changes needed to OpenSSL, it'd be helpful to know sooner
rather than later.")

Thanks.


[1] 
http://news.netcraft.com/archives/2013/07/19/microsoft-achieves-world-domination-in-ocsp-stapling.html

[2] http://tools.ietf.org/html/draft-hallambaker-muststaple-00

[3] https://bugzilla.mozilla.org/show_bug.cgi?id=901698

[4] http://www.ietf.org/mail-archive/web/tls/current/msg10083.html

[5] http://tools.ietf.org/html/rfc6962

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the nginx-devel mailing list