[gnutls-help] ocsp stapling

Jeremy Harris jgh at wizmail.org
Sun Jul 26 22:10:30 CEST 2015

gnutls 3.3.8

A non-ocsp-aware client and a server which has called
fails, with the following sequence seen in packet capture:

- Client hello (nothing special)
-- extension: server_name
-- extension: sessionTicket
-- extension: signature_algorithms
-- extension: ec_point_formats
-- extension: elliptic_curves

- Server hello (covers 2 packets)
-- server hello
--- extension: status_request
--- extension: renegotiation_info
--- extension: ec_point_formats
-- server cert (2-element chain)
-- certificate status (refers to server cert)
-- server key exchange
-- server  hello done

- Fatal Alert from client
-- unsupported extension


- Why, when the Client hello did not include a status_request extension,
did the server include cert-status in its server hello?

- Why did the server include a status_request in its server hello?


More information about the Gnutls-help mailing list