Opened 2 years ago

Last modified 9 months ago

#812 new enhancement

Fetch OCSP responses on startup, and store across restarts

Reported by: jsha@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.9.x
Keywords: Cc:
Sensitive: no
uname -a: Linux membrane 3.19.0-30-generic #33-Ubuntu SMP Mon Sep 21 20:58:04 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux N/A
nginx -V: 1.9.6

Description

Once TLS Feature (https://datatracker.ietf.org/doc/draft-hallambaker-tlsfeature/?include_text=1, formerly known as OCSP Must Staple) lands, CAs will be able to sign certs with a bit that says "Do not trust this certificate unless it is accompanied by a stapled OCSP response." For Nginx users to be able to use such certificates, they need to be able to serve stapled OCSP with high reliability and speed. That means two things:

  • Nginx should prefetch OCSP responses for all configured certificates on startup, and when the responses are nearing their NextUpdate time.
  • Nginx should store OCSP responses in long-term storage, to minimize the cost of startup fetching, and to ensure that if an OCSP responder is temporarily unreachable at startup time, it doesn't prevent correctly serving the relevant site.

Change History (3)

comment:1 Changed 23 months ago by robstradling@…

TLS Feature landed a few weeks ago.

https://tools.ietf.org/html/rfc7633

comment:2 Changed 21 months ago by jleroy@…

Also, you can look at Ryan Sleevi's (from the Chrome Security Team) "requirements" for OCSP stapling support: https://gist.github.com/sleevi/5efe9ef98961ecfb4da8

comment:3 Changed 9 months ago by TerraX-net@…

As Let's Encrypt supports OCSP Must-Staple, we read everywhere that nginx would fetch OCSP only after the first connection, which would result in a browser certificate error for that user.

People recommend fetching OCSP manually before nginx is started (https://unmitigatedrisk.com/?p=241), but this is not possible with dual certificate deployments (RSA+ECDSA).
As you closed https://trac.nginx.org/nginx/ticket/990, declining to give ssl_stapling_file some logic (which was the right decision in my opinion), this ticket is of high importance for using OCSP Must-Staple at all.

As SSLLabs.com (and maybe Hardenize.com) check for and promote this as a wise security feature, please fetch fresh OCSP before the first connection to make OCSP Must-Staple possible.

Thank you.
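The prefetch-and-persist behaviour requested in the description, and the manual pre-start fetch that comment:3 refers to, as an added example that is not part of this ticket and not nginx's own code: a POSIX shell script that fetches an OCSP response with the openssl CLI, verifies it, keeps it in a persistent cache file, and only goes to the network again when the cached copy is missing or close to its nextUpdate. Assumptions of mine, not nginx defaults: openssl and GNU coreutils `date` are installed, the cache directory and the 12-hour refresh margin, and that the issuer certificate alone is enough to verify the response (true for a responder that signs with the issuing CA, as Let's Encrypt does). Because ssl_stapling_file is one file per server block, this handles one certificate per cache file and does not resolve the dual-certificate (RSA+ECDSA) limitation raised in comment:3.

```shell
#!/bin/sh
# Added example, not part of this ticket and not nginx's own code: prefetch OCSP
# responses with the openssl CLI and keep them in a persistent cache that nginx
# can serve through ssl_stapling_file from the first connection onward.
# Assumptions: openssl and GNU coreutils date are installed; the cache directory
# and refresh margin below are chosen here and are not nginx defaults.
set -eu

CACHE_DIR="${OCSP_CACHE_DIR:-/var/cache/nginx-ocsp}"   # assumed persistent location
REFRESH_MARGIN="${OCSP_REFRESH_MARGIN:-43200}"         # assumed policy: refresh 12 h before nextUpdate

# needs_refresh NEXT_UPDATE_EPOCH NOW_EPOCH MARGIN_SECONDS
# Succeeds (exit 0) when the cached response has no known nextUpdate (0), is
# already past it, or is within MARGIN_SECONDS of it.
needs_refresh() {
  nu=$1; now=$2; margin=$3
  [ "$nu" -eq 0 ] && return 0
  [ $((nu - now)) -le "$margin" ]
}

# next_update_epoch RESPONSE_FILE
# Prints the nextUpdate of a DER OCSP response as epoch seconds, or 0 if the
# file cannot be parsed or carries no "Next Update" line.
next_update_epoch() {
  line=$(openssl ocsp -respin "$1" -noverify -text 2>/dev/null \
         | sed -n 's/^ *Next Update: //p' | head -n 1)
  if [ -z "$line" ]; then echo 0; return 0; fi
  date -u -d "$line" +%s
}

# ocsp_fetch LEAF_PEM ISSUER_PEM CACHE_FILE
# Fetches a fresh response, verifies its signature against the issuer (assumed
# sufficient for a response signed directly by the issuing CA) and only then
# replaces the cache file atomically. If the responder is unreachable or the
# response does not verify, the previous cached copy is left untouched.
ocsp_fetch() {
  cert=$1; issuer=$2; out=$3
  uri=$(openssl x509 -in "$cert" -noout -ocsp_uri)
  [ -n "$uri" ] || { echo "no OCSP URI in $cert" >&2; return 1; }
  tmp="$out.tmp.$$"
  if openssl ocsp -issuer "$issuer" -cert "$cert" -url "$uri" \
                  -respout "$tmp" -noverify >/dev/null 2>&1 \
     && openssl ocsp -issuer "$issuer" -cert "$cert" -respin "$tmp" \
                     -CAfile "$issuer" -verify_other "$issuer" 2>&1 \
        | grep -q 'Response verify OK'; then
    mv -f "$tmp" "$out"
  else
    rm -f "$tmp"
    echo "OCSP fetch failed for $cert; keeping cached copy" >&2
    return 1
  fi
}

# refresh_if_due LEAF_PEM ISSUER_PEM CACHE_FILE
# Skips the network entirely while the cached response is still comfortably
# valid, so restarts stay cheap and a responder outage cannot delay startup.
refresh_if_due() {
  if [ -f "$3" ] && ! needs_refresh "$(next_update_epoch "$3")" "$(date +%s)" "$REFRESH_MARGIN"; then
    return 0
  fi
  ocsp_fetch "$1" "$2" "$3"
}

# Usage: sh ocsp-prefetch.sh LEAF_PEM ISSUER_PEM CACHE_FILE
# Run it from a pre-start hook and from a timer, then point
# "ssl_stapling on; ssl_stapling_file CACHE_FILE;" at the cache file.
if [ $# -eq 3 ]; then
  mkdir -p "$CACHE_DIR"
  refresh_if_due "$1" "$2" "$3"
fi
```

Two design points matter for reliability rather than convenience: the cache file is only replaced after the new response verifies, so a responder that is down or returns garbage cannot evict a still-valid staple, and the refresh decision is driven by the response's own nextUpdate rather than a fixed cron interval, which is what keeps a Must-Staple certificate from being served with an expired response.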
