Mobile app version of vmapp.org
Login or Join
Nimeshi995

: OCSP Stapling still connecting to OCSP server Goal: Decrease the Time to First Byte on a server that uses Extended SSL validation. Possible Issue: I enabled OCSP stapling and ssllabs shows

@Nimeshi995

Posted in: #Openssl #Ttfb

Goal: Decrease the Time to First Byte on a server that uses Extended SSL validation.

Possible Issue: I enabled OCSP stapling and ssllabs shows OCSP stapling is enabled, but tests at webpagetest.org still show the client making one call to the OCSP verification server. Intermittently the communication with that OCSP server increases the ssl connection time to over 1.0 second.

Question: Before enabling OCSP stapling, two connections were being made to the OCSP server, but now there is only one. With stapling enabled shouldn't that eliminate all connections to the verification server by the client? If so how can I troubleshoot the issue?

Edit: I just noticed that ssllabs has "OCSP Must Staple = No", but "OCSP Stapling = Yes" if that matters.

10% popularity Vote Up Vote Down


Login to follow query

More posts by @Nimeshi995

0 Comments

Sorted by latest first Latest Oldest Best

Back to top | Use Dark Theme