Skip to content

OCSP stapling support can be used to optimize TLS connections #33377

New issue
New issue
Closed
Closed
OCSP stapling support can be used to optimize TLS connections#33377
Assignees
jeffhandleybartonjs
Labels
Cost:LWork that requires one engineer up to 4 weeksPriority:2Work that is important, but not critical for the releaseTeam:LibrariesUser StoryA single user-facing feature. Can be grouped under an epic.area-System.Security
Milestone
7.0.0
@vincentkam

Description

@vincentkam
vincentkam
opened on Mar 9, 2020

Hello :)

Are there any plans to expand support for OCSP stapling? Using WireShark, I see that the status_request TLS extension is only set on MacOS on .Net Core >= 2.0 after setting checkCertificateRevocation to true when calling SslStream.AuthenticateAsClient. On Linux and Windows, there appears to be no stapling support, even though my loose understanding is that both OpenSSL and Secure Channel support stapling.

The reason I'm asking for expanded OCSP stapling support is that we would like the MongoDB .NET/C# driver to have support for stapled OCSP on Linux and Windows (our goal is to have all MongoDB drivers fully support OCSP).

Metadata

Metadata

Assignees

Labels

Cost:LWork that requires one engineer up to 4 weeksPriority:2Work that is important, but not critical for the releaseTeam:LibrariesUser StoryA single user-facing feature. Can be grouped under an epic.area-System.Security

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions