HTTPS has been widely popularized, and related technologies have become very mature. To understand what OCSP stapling is, you must first understand what OCSP is. OCSP (Online Certificate Status Protocol) is an online query protocol used to verify the legitimacy of certificates.
Translated into adult language: Every visitor to the website will perform an OCSP query. OCSP stapling can replace the Online Certificate Status Protocol (OCSP) to query the status of the certificate. This can optimize HTTPS speed, because most CA’s OSCP servers are not in mainland China.
To understand all this, let’s start with CRL
When a user accesses your site via HTTPS, the server needs to respond to the user with your site’s TLS certificate. The user’s browser will check the expiration date of the certificate and reject any expired/invalid certificate.
In some cases, server owners must mark certificates invalid due to private key compromise, and rely on certificate authorities to implement at least one method to revoke problematic certificates and notify browsers to reject these revoked certificates.
CRL (Certificate Revocation List) is a structured data file in the PKI system. It contains the serial numbers and revocation dates of certificates that have been revoked by the certificate authority. Before users visit your site, the browser will first download and parse the CRL file, and then use the CRL file to verify whether your certificate has been revoked.
With the popularity of HTTPS, the published CRL files are getting larger and larger, which undoubtedly increases the network overhead of each link, and the fact that CRL cannot scale well is becoming more and more obvious.
OCSP verifies whether the website server’s certificate is valid
OCSP (Online Certificate Status Protocol) is an online query protocol used to verify the legitimacy of certificates. When users access your website via HTTPS, the client browser verifies the validity of the website server’s certificate through the OCSP responder. (The browser can now contact the responder to request the revocation status of a single certificate issued by the CA without having to obtain and process the entire CRL.)
OCSP seemed like an effective solution, but the new protocol has proven to have practicality issues.
- Performance issues: The browser needs to perform additional HTTP requests for each new HTTPS connection, which increases network overhead.
- Security issues: Most actual OCSP implementations are not reliable enough (due to network lag, configuration or application errors), causing the user’s browser to fail the OCSP check. If the OCSP server cannot be reached or the server times out, the browser will assume that the certificate is valid and continue with the HTTPS connection;
- Privacy issues, since the certificate is associated with a key and a domain name, and the browser requests the revocation status before each new HTTPS connection, this means that the browser leaks a large part of its user’s web history to the OCSP responder.
OCSP Stapling is a TLS Certificate Status Query Extension
OCSP Stapling is a remedy for the defects of the OCSP protocol. It enables the server to simulate the browser to verify the certificate chain in advance and save the OCSP verification result response with the CA organization signature locally, which can be cached for up to 7 days. When the real handshake phase comes, the OCSP response and the certificate chain will be sent to the browser together to avoid increasing the browser’s handshake delay. Since the browser does not need to directly query the CA site for the certificate status, this function significantly improves the access speed.
Since stapling is implemented in the server, the browser has no way of knowing whether the server actually supports stapling, and OCSP stapling itself does not completely solve the soft fail-safe problem of OCSP.
As a result, an attacker with the private key of a stolen certificate can perform a downgrade attack by serving the certificate without OCSP stapling. The victim’s browser cannot verify that the server actually supports stapling and proceed to query the OCSP responder as it normally would. The attacker can then simply block this OCSP query and effectively force the browser to accept the certificate as valid.
OCSP Must-Staple is an SSL certificate extension introduced by CAs and browser vendors to prevent OCSP stapling attacks. This extension requires that certificates must be OCSP-stapled. If a browser encounters a certificate with this extension and OCSP stapling is not used, it will be rejected.
OCSP stapling can mitigate the above downgrade attacks and also reduce unnecessary traffic to the CA’s OCSP responder, which also helps improve the overall performance of OCSP.
How to Enable OCSP Stapling
https://www.bilibili.com/read/cv12383189
In addition, it is currently known that the CDN services of Alibaba Cloud, Tencent Cloud, and Baidu Cloud all support the OCSP binding function.
