sivmu at web.de
Wed Jan 25 22:07:08 CET 2017
Am 25.01.2017 um 12:14 schrieb Peter Lebbing:
> On 25/01/17 09:52, Werner Koch wrote:
>> OCSP is used as an alternative to CRLs and not directly related to
> The OP might have meant "OCSP Stapling" which includes the OCSP data in
> the data sent by the webserver during TLS session setup. That way, the
> OCSP data doesn't need to be fetched from an OCSP server, which would
> leak the fact a certain website certificate is being verified to the
> OCSP server.
Yes that is what I meant, sorry for the confusion.
I think this might be relevant for some people who would prefer not to
trigger unnecessary queries for privacy reasons.
Anyways ssllabs shows a warning that the website will be degraded from A
to C in a month. Not sure that matters all that much, but if there is an
oppertunity to change the available ciphers at some point...
More information about the Gnupg-users