Relates :
|
|
Relates :
|
|
Relates :
|
|
Relates :
|
|
Relates :
|
|
Relates :
|
A DESCRIPTION OF THE REQUEST : The default implementation of OCSP in java uses HTTP method POST. In the OCSP RFC 2560, there is provision for sending GET calls as well. Excerpt from RFC : HTTP based OCSP requests can use either the GET or the POST method to submit their requests. To enable HTTP caching, small requests (that after encoding are less than 255 bytes), MAY be submitted using GET. If HTTP caching is not important, or the request is greater than 255 bytes, the request SHOULD be submitted using POST. Where privacy is a requirement, OCSP transactions exchanged using HTTP MAY be protected using either TLS/SSL or some other lower layer protocol. An OCSP request using the GET method is constructed as follows: GET {url}/{url-encoding of base-64 encoding of the DER encoding of the OCSPRequest} JUSTIFICATION : This enhancement will provide users with the ability to do OCSP GET which can be cached by CDNs resulting in lower response times CUSTOMER SUBMITTED WORKAROUND : Current workaround includes disabling java OCSP and implement a custom implementation of OCSP client using a security provider like Bouncy Castle.
|