Qt / QTBUG-99241

OCSP-Stapling with Session Resumption


Details

    • Bug
    • Resolution: Unresolved
    • P3: Somewhat important
    • None
    • 5.15.7, 6.2.2
    • Network: SSL
    • None

    Description

      We tried to enforce OCSP-Stapling for all TLS connections. It works, but there is no OCSP-Response in a session resumption that Qt handles itself with QNetworkAccessManager. So we get a QSslError::OcspNoResponseFound error for this even though we received a valid one for the initial connection.

      I looked into the TLS handshake with Wireshark and I saw that Qt correctly requests the status information. The server (Apache and Caddy tested) returns the OCSP-Response with a new connection only. This makes OCSP-Stapling a little bit "useless".

      Is it possible for Qt to handle a session resumption for OCSP-Stapling? So it would use the old OCSP-Response and check if it is still valid for the resumed session.
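
The behaviour requested above, modelled as an added example that is not part of the original report and is not Qt code: a client-side cache that accepts a resumed session without a stapled response only while the response from the full handshake is still inside its validity window. It uses plain standard C++; `Staple`, `Verdict`, `StapleCache` and the fingerprint key are hypothetical names, and the response is assumed to have been signature-verified before it reaches this logic.

```cpp
#include <ctime>
#include <map>
#include <string>

// Hypothetical stand-in for a verified OCSP response (not a Qt type).
struct Staple {
    bool good;               // certStatus is "good"
    std::time_t thisUpdate;  // start of validity window
    std::time_t nextUpdate;  // end of validity window
};

enum class Verdict { Accept, AcceptCached, NoResponse, NotCurrent, NotGood };

class StapleCache {
public:
    // fingerprint: digest of the peer leaf certificate; resumed: abbreviated handshake;
    // staple: response stapled in this handshake, nullptr if the server sent none.
    Verdict check(const std::string &fingerprint, bool resumed,
                  const Staple *staple, std::time_t now) {
        if (staple) {
            Verdict v = judge(*staple, now);
            if (v == Verdict::Accept) cache_[fingerprint] = *staple;  // keep for resumptions
            else cache_.erase(fingerprint);
            return v;
        }
        if (!resumed) return Verdict::NoResponse;  // a full handshake must staple
        auto it = cache_.find(fingerprint);
        if (it == cache_.end()) return Verdict::NoResponse;
        Verdict v = judge(it->second, now);
        if (v != Verdict::Accept) {
            cache_.erase(it);  // stale entry: caller should force a full handshake
            return v;
        }
        return Verdict::AcceptCached;
    }
private:
    static Verdict judge(const Staple &s, std::time_t now) {
        if (!s.good) return Verdict::NotGood;  // revoked or unknown
        if (now < s.thisUpdate || now >= s.nextUpdate) return Verdict::NotCurrent;
        return Verdict::Accept;
    }
    std::map<std::string, Staple> cache_;
};
int main() {
    StapleCache cache;
    Staple s = {true, 1000, 2000};  // constructed sample values
    cache.check("leaf-digest", false, &s, 1500);  // full handshake stores the staple
    return cache.check("leaf-digest", true, nullptr, 1600) == Verdict::AcceptCached ? 0 : 1;
}
```

A `NotCurrent` verdict on a resumed session means the cached response has aged out, so the client should drop the session and perform a full handshake to obtain a fresh staple.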


          People

            cnn Qt Core & Network
            misery André Klitzing