[openssl-users] How can I sstart openssl ocsp in secure mode using TLS/SSL

Richard Moore richmoore44 at gmail.com
Fri Sep 22 16:32:16 UTC 2017

On 22 September 2017 at 15:08, Salz, Rich via openssl-users <
openssl-users at openssl.org> wrote:

> Openssl 0.9.8 is old and obsolete and has security issues; you should
> upgrade.
> But even if you upgrade, the ocsp command will not listen on HTTPS; that
> is not supported.
​It's also worth pointing out that CAs are banned from running OCSP servers
over HTTPS anyway and it isn't needed since the responses are already
signed - http is fine.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170922/f9b69816/attachment-0001.html>

More information about the openssl-users mailing list