TODO: consider OCSP stapling by default

Suggested-by: Nicolas F.
Closes #15483
Closes #15521
Daniel Stenberg 2024-11-08 07:58:48 +01:00
parent 1f6767e7a0
commit a3b4ffd429
GPG Key ID: 5CC908FDB71E12C2

@ -113,6 +113,7 @@
13.1 TLS-PSK with OpenSSL 13.1 TLS-PSK with OpenSSL
13.2 TLS channel binding 13.2 TLS channel binding
13.3 Defeat TLS fingerprinting 13.3 Defeat TLS fingerprinting
13.4 Consider OCSP stapling by default
13.5 Export session ids 13.5 Export session ids
13.6 Provide callback for cert verification 13.6 Provide callback for cert verification
13.7 Less memory massaging with Schannel 13.7 Less memory massaging with Schannel
@ -817,6 +818,14 @@
sometimes possible to circumvent TLS fingerprinting by servers. The TLS sometimes possible to circumvent TLS fingerprinting by servers. The TLS
extension order is of course not the only way to fingerprint a client. extension order is of course not the only way to fingerprint a client.
13.4 Consider OCSP stapling by default
Treat a negative response a reason for aborting the connection. Since OCSP
stapling is presumed to get used much less in the future when Let's Encrypt
drops the OCSP support, the benefit of this might however be limited.
https://github.com/curl/curl/issues/15483
13.5 Export session ids 13.5 Export session ids
Add an interface to libcurl that enables "session IDs" to get Add an interface to libcurl that enables "session IDs" to get
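Review bot: In the new 13.4 body, "Treat a negative response a reason for aborting the connection" is missing "as", and "negative response" does not say whether it means a stapled OCSP response that reports the certificate as revoked or a handshake where the server staples no response at all. Those are different failure cases for something proposed as a default, so the entry should name the one it means, for example "Treat a negative response as a reason for aborting the connection" followed by a short definition of "negative". The body also never mentions the default itself, which appears only in the title; one sentence saying that the proposal is to change the default behavior would let the entry stand on its own next to the linked issue.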