Implementation of TLS OCSP Stapling

Gedalya gedalya at gedalya.net
Thu Mar 3 13:23:26 UTC 2016


On 03/03/2016 08:17 AM, dovecot at flut.demon.nl wrote:
> On 03-03-16 14:09, Gedalya wrote:
>> On 03/03/2016 07:30 AM, Stephan Bosch wrote:
>>> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base.
>> Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys....
> OCSP status querying isn't the same as verifying stapled OCSP responses
> though. Can't find Thunderbird's support for stapling unfortunately..
No, it's not the same, but the claim was no use of OCSP at all.
Either way, this guy claims Thunderbird uses stapling, but with HTTP?
http://mobilesociety.typepad.com/mobile_life/2015/03/ocsp-stapling-and-android-that-doesnt-care.html
As Stephan pointed out, it's the same code base as Firefox. If someone can name an IMAP server that supports stapling, we could test it.


