  1. Qt
  2. QTBUG-99241

OCSP-Stapling with Session Resumption

    Details

    • Type: Bug
    • Status: Reported
    • Priority: P3: Somewhat important
    • Resolution: Unresolved
    • Affects Version/s: 5.15.7, 6.2.2
    • Fix Version/s: None
    • Component/s: Network: SSL
    • Labels:
      None

      Description

      We tried to enforce OCSP-Stapling for all TLS connections. It works, but there is no OCSP-Response in a session resumption that Qt handles itself with QNetworkAccessManager. So we get a QSslError::OcspNoResponseFound error for this even though we received a valid one for the initial connection.

      I looked into the TLS handshake with Wireshark and I saw that Qt correctly requests the status information. The server (Apache and Caddy tested) returns the OCSP-Response with a new connection only. This makes OCSP-Stapling a little bit "useless".

      Is it possible for Qt to handle a session resumption for OCSP-Stapling? So it would use the old OCSP-Response and check if it is still valid for the resumed session.

            People

            Assignee:
            tpochep Timur Pocheptsov
            Reporter:
            misery André Klitzing

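The behaviour requested in the description, modelled as an added example (not Qt code and not from the reporter): a client-side cache keeps the stapled OCSP response from the full handshake and re-checks its validity window when a session is resumed without a new staple. All type and function names are hypothetical, and the response is assumed to have been signature-verified before it is stored.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Hypothetical model types for this example; none of these are Qt classes.
enum class CertStatus { Good, Revoked, Unknown };
enum class Verdict { Accept, AcceptCached, NoResponse, Expired, NotGood };

struct OcspStaple {            // assumed signature-verified before it gets here
    CertStatus status;
    std::int64_t thisUpdate;   // validity window, seconds since epoch
    std::int64_t nextUpdate;
};

class StapleCache {
public:
    // Evaluate one handshake. `staple` is null when the server sent no OCSP
    // response, which is what the report observes on resumed sessions.
    Verdict onHandshake(const std::string &certFingerprint, bool resumed,
                        const OcspStaple *staple, std::int64_t now)
    {
        if (staple) {                          // a fresh staple always wins
            const Verdict fresh = check(*staple, now);
            if (fresh == Verdict::Accept)
                cache_[certFingerprint] = *staple;
            else
                cache_.erase(certFingerprint);
            return fresh;
        }
        const auto it = cache_.find(certFingerprint);
        if (!resumed || it == cache_.end())    // full handshakes must staple
            return Verdict::NoResponse;
        const Verdict cached = check(it->second, now);  // re-check the window
        if (cached != Verdict::Accept) {
            cache_.erase(it);                  // stale entry: do not reuse again
            return cached;
        }
        return Verdict::AcceptCached;
    }

private:
    static Verdict check(const OcspStaple &s, std::int64_t now)
    {
        if (s.status != CertStatus::Good) return Verdict::NotGood;
        if (now < s.thisUpdate || now > s.nextUpdate) return Verdict::Expired;
        return Verdict::Accept;
    }
    std::map<std::string, OcspStaple> cache_;
};
```

Keying the cache on the peer certificate fingerprint rather than on the session means a stored response is only ever applied to the certificate it was issued for.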