OCSP stapling makes checking the revocation status of an SSL/TLS certificate faster and easier for the client. It is an improvement over OCSP, the current industry standard. But what is OCSP stapling, and why does it matter for your website's security?
When you use a browser to access a website, the browser checks many things about the website's TLS certificate: the certificate's signature, its validity period, whether it has been revoked, and so on. There are several methods of checking a certificate's revocation status, including Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP), and OCSP stapling.
In our previous article, we discussed OCSP and how it can help you check the revocation status of a website certificate. With OCSP, the client obtains the website's certificate from the web server and then asks the issuing CA about it; the CA's OCSP responder reports the certificate's revocation status back to the user's browser.
It is a safe method, but it has its limitations. OCSP stapling was designed to overcome some of these limitations.
What is OCSP Stapling? A look at Online Certificate Status Protocol stapling
OCSP stapling is an X.509 certificate revocation status checking technique in which the server periodically sends status requests to the CA and passes the CA's response on to the client's browser. When the client's browser wants to connect, the server presents the CA's status response, which indicates whether the certificate is valid or revoked.
OCSP stapling is described in RFC 2560 and RFC 5019. The site's server delivers the up-to-date status directly to the client trying to connect. The client can trust it because it is signed and sealed by the issuing certificate authority.
To illustrate the process, imagine that your doorbell rings at an odd hour. You open the door and see two serious-looking people standing in the doorway, asking if they can come in for a chat. Do you let them in? Probably not. But what if they wear uniforms and carry IDs that say they work for the FBI? Then your perspective may change. Think of OCSP stapling as similar to those ID cards: you don't have to check with the FBI when an agent comes to your door, because the badge indicates that they are trustworthy.
When you connect to a website as a client, the website shows you a digitally signed, timestamped report indicating whether its TLS certificate is valid. Just as the FBI issues those IDs, the CA issues this verification. The FBI takes back the badge when an agent is suspended, fired, or resigns; likewise, under certain circumstances, CAs revoke TLS certificates.
How OCSP stapling differs from CRLs
OCSP is better than using a CRL to check the revocation status of TLS certificates. A CRL is the complete list of revoked certificates, updated at regular intervals. OCSP refers to a response from the website's certificate authority; it provides current, up-to-date data on the certificate's revocation status, but it also consumes more resources. OCSP stapling is a third option that provides the certificate's revocation status by "stapling" the CA's response to the TLS handshake.
The OCSP process can be slow when many clients are making requests to busy sites, because the Certificate Authority (CA) must send individual responses to individual clients. OCSP stapling speeds up the process because the web server already holds the CA's status response when the client requests it. Instead of many clients making individual requests to the certificate authority, the server itself sends requests at regular intervals.
That said, traditional OCSP is more accurate than OCSP stapling because it provides a real-time response from the responder (as opposed to a response issued before a certificate was revoked). However, OCSP stapling is useful because it improves performance: the client can trust the timestamped information and does not have to perform its own revocation check.
How does OCSP stapling work?
Unlike other verification methods, where the client is responsible for checking the revocation status of a website's certificate, OCSP stapling offloads this work to the server. When a client wants to connect, the server presents the most recently updated verification status. The CA determines how often the response is updated. The client can trust the response because it is signed by the CA that issued the server's certificate, and it contains a timestamp with the date and time it was created.
A step-by-step guide to OCSP stapling
The OCSP stapling process looks like this:
- The web server requests the updated revocation status from the CA in the background; the two entities communicate regularly.
- The CA sends signed and timestamped information about the certificate's revocation status to the server, which stores it in its cache.
- The client's browser sends a connection request to the server.
- The server "staples" (appends) the cached information about its own revocation status to its response to the client.
- If the server's certificate is valid, the client's browser connects to the site.
- If the server's certificate is revoked, the client's browser displays an error message saying that the certificate is invalid.
A visual representation of how OCSP stapling works
The following responses are possible with OCSP stapling:
- Revoked: If a server certificate is revoked, the browser displays a warning and may not connect to the site. This response is called a hard failure because the browser immediately terminates the connection. A revocation message looks like this to users:
Caption: An example screenshot of a certificate revocation warning message displayed in Google Chrome.
- Good: A good response is given when the OCSP responder recognizes the certificate serial number and considers it valid.
- Unknown: This response is sent when the responder does not recognize the certificate. The responder might not have access to the CA that issued the certificate. This type of failure is called a soft failure because the connection may (or may not) still be established.
What are the benefits of enabling OCSP stapling?
Using OCSP stapling to check the revocation status of TLS certificates has many advantages, including:
- Greater speed and performance. Speed is one of the main benefits of OCSP stapling: it takes minimal time to check the revocation status of a TLS certificate.
- Better privacy for users. Since the CA or OCSP responder cannot see which websites the client visits, the client's privacy is better protected than with traditional OCSP responder requests.
- Fewer resources. Compared to CRLs or OCSP, OCSP stapling consumes fewer network resources on the client, making it a more efficient method.
3 OCSP Stapling Limitations
Like any other protocol, OCSP stapling has its limitations:
- No checking of intermediate certificates. TLS certificates often come with several intermediate CA certificates that form a certificate chain. OCSP stapling generally does not cover intermediate certificates (it usually provides a revocation status only for the leaf/server certificate). However, multi-stapling was introduced in June 2013 with RFC 6961, and TLS 1.3 supports multiple OCSP responses.
- The time between OCSP responses can leave you unaware of new revocations. There is often a delay between two stapled OCSP responses. This interval can be a few hours or more. If the certificate is revoked during this period, the server may keep serving an outdated response.
- OCSP stapling is not supported by all browsers. Currently, not all browsers and web servers support stapling, although it is becoming more common.
How OCSP stapling differs from CRLs and OCSP
Some of the features that differentiate OCSP stapling from the other methods are:
- Verification responsibility: If a server uses OCSP stapling and the site visitor's client supports it, the server bears the burden of proving that its TLS certificate has not been revoked.
- Verification cost: The cost of requesting and providing the revocation status is borne by the server, including the processing and network resources involved.
- Improved efficiency: The client does not need to query the TLS certificate's revocation status; the server automatically provides one from the certificate's issuing CA. This saves time and makes the TLS handshake very efficient.
Summary: OCSP vs. OCSP Stapling
OCSP stapling builds on plain OCSP. This table shows the differences between the two methods:
| OCSP | OCSP Stapling |
|---|---|
| The client's browser is responsible for verification. | The server must provide evidence that the certificate has not been revoked. |
| Client privacy can be compromised, as the CA can see all the websites the user has visited. | The server contacts the CA to get its timestamped response, so the CA cannot see which other sites the client visits. |
| The client bears the verification costs. | The server bears the verification costs. |
| Slower than OCSP stapling, as there are many communication rounds. | Faster than OCSP, because individual OCSP responder requests are not needed. |
| Not ideal for high-traffic sites. | Ideal for high-traffic websites. |
| All certificates in the certificate chain can be verified. | Not all certificates in the chain can be verified, because the server staples only its own revocation status response. |
| There is no time delay between the client's browser request and the CA's response. | There is a gap between two consecutive requests that the server sends to the CA. |
Which browsers and servers support OCSP stapling?
OCSP stapling is enabled by default in most major browsers, but it is not universally supported. The following browsers and services support this revocation checking method:
- Apache: Apache HTTPD server 2.3.3+
- Edge: supported
- Firefox: enabled by default since version 3.0
- Google Chrome: enabled by default
- Internet Explorer: version 7.0 and later supports OCSP stapling
- NSS (Network Security Services): supported from version 3.15
- OpenSSL: supported from version 0.9.8h
- Opera: version 8.0 and later supports stapling
- Safari: enabled by default on Mac OS X 10.7 and later
How to enable OCSP stapling?
Most browsers have OCSP stapling enabled by default. However, if you want to enable it on your server, you can do so. Below we describe the steps to enable this revocation checking method specifically for Apache.
Enabling OCSP Stapling in Apache
If you are using Apache, you can follow the steps below to enable OCSP stapling:
- Check which version of Apache you are using. Apache versions 2.3.3+ support this method of revocation checking. You can check which version you are running with one of the following two commands (the first is for Ubuntu or Debian, the second for CentOS or Red Hat):
apache2 -v
httpd -v
- Before enabling OCSP stapling on the Apache server, first confirm that your intermediate certificates are installed correctly.
- Also make sure that OCSP stapling is not already enabled. To do this, use the following OpenSSL command (a "successful" OCSP response status means stapling is already on):
openssl s_client -connect yourdomain.com:443 -status
- Now it's time to edit your website's virtual host configuration file using an editor like Nano or Vi:
- Now it's time to enable OCSP stapling. You can do this with the following directive inside the virtual host tags (they look like this: <VirtualHost></VirtualHost>):
- You can specify the time (in seconds) to wait for the OCSP response from the responder. For example, to set 15 seconds:
- To suppress the error message, add the following directive:
- Point to the path of your fully trusted certificate chain, including the root, intermediate, and server certificates, by adding the following directive inside the <VirtualHost></VirtualHost> tags:
Alternatively, you can point directly to your certificate and key files:
SSLCertificateFile /yourpath/apache2/ssl/yourdomain_certificate.crt
SSLCertificateKeyFile /yourpath/apache2/ssl/yourdomain.com/example_key.key
- Use the following directive (outside the VirtualHost tags) to specify where you want to cache the OCSP response:
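As an added example (not the article's own configuration), here are the mod_ssl directives the steps above describe, assembled into one complete Apache 2.4 virtual host; the domain name and file paths are placeholders you would replace with your own:

```apache
# Added example: a complete Apache 2.4 virtual host with OCSP stapling.
# "yourdomain.com" and the /etc/apache2/ssl/ paths are placeholders.

# The stapling cache must be defined OUTSIDE any <VirtualHost> block,
# because it is shared by every TLS virtual host on the server.
SSLStaplingCache "shmcb:/var/run/ocsp(128000)"

<VirtualHost *:443>
    ServerName yourdomain.com
    SSLEngine on

    # Leaf certificate and private key. On Apache 2.4.8+ the intermediate
    # certificates may simply be appended to the .crt file; older versions
    # use SSLCertificateChainFile for the full chain (root, intermediate).
    SSLCertificateFile      /etc/apache2/ssl/yourdomain_certificate.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/yourdomain.key
    SSLCertificateChainFile /etc/apache2/ssl/yourdomain_chain.crt

    # Turn stapling on: mod_ssl fetches the CA's signed OCSP response in
    # the background and appends it to the TLS handshake for every client.
    SSLUseStapling on

    # Give up on the OCSP responder after 15 seconds (the value used above).
    SSLStaplingResponderTimeout 15

    # Do not forward responder errors to clients: if the background fetch
    # fails, the handshake simply proceeds without a stapled response
    # instead of presenting an error that browsers treat as a failure.
    SSLStaplingReturnResponderErrors off
</VirtualHost>
```

Run `apachectl -t` before reloading, then repeat the `openssl s_client -status` check from the earlier step to confirm that the handshake now carries an OCSP response.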
Test your settings and reload Apache
Of course, once you've done that, you'll need to double-check that everything is set up correctly. You can do this by testing the configuration and reloading your Apache service with the following commands:
apachectl -t
service apache2 reload
Final thoughts on OCSP stapling and why it matters
Visiting websites with expired or revoked TLS certificates makes it easy for cyber criminals to steal your customers' confidential data and use it for malicious purposes. OCSP stapling is a technique that lets browsers check whether the website you are trying to visit has had its TLS certificate revoked, providing a real-time revocation status check.
Although OCSP stapling is faster and more efficient than CRLs and OCSP, it is not universally supported by all browsers. However, it is gaining in popularity, and you can expect to see it used more in the future.