security/hakurei.app
5
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

handle Let's Encrypt removing OCSP support

Browse Source 
We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.

In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.
This commit is contained in:
Daniel Micay
2025-05-04 21:57:41 -04:00
parent c57490de09
commit 298c357bc9
3 changed files with 0 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
static/features.html
View File

@@ -1489,7 +1489,6 @@
when sending mail including alert messages from the attestation service</li>
<li>SSHFP across all domains for pinning SSH keys</li>
<li>Static key pinning for our services in apps like Auditor</li>
<li>Our web services use robust OCSP stapling with Must-Staple</li>
<li>No persistent cookies or similar client-side state for anything other than
login sessions, which are set up securely using <code>SameSite=Strict</code>,
<code>Secure</code>, <code>HttpOnly</code>, and <code>Path=/</code> flags, prefixed with