[openssl-users] How can I sstart openssl ocsp in secure mode using TLS/SSL

Richard Moore richmoore44 at gmail.com
Fri Sep 22 16:32:16 UTC 2017


On 22 September 2017 at 15:08, Salz, Rich via openssl-users <
openssl-users at openssl.org> wrote:

> Openssl 0.9.8 is old and obsolete and has security issues; you should
> upgrade.
>
>
>
> But even if you upgrade, the ocsp command will not listen on HTTPS; that
> is not supported.
>
>
>
​It's also worth pointing out that CAs are banned from running OCSP servers
over HTTPS anyway and it isn't needed since the responses are already
signed - http is fine.

Cheers

Rich.
​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170922/f9b69816/attachment-0001.html>


More information about the openssl-users mailing list