Key Technologies to Enhance Web Security: OCSP Stapling and Must-Staple

December 24, 2024
INDUSTRY INFORMATION

When users access a website via HTTPS, the server provides the website's TLS certificate. Browsers verify the validity of the certificate and reject any that have expired. In some cases, such as private key leaks, server owners may need to invalidate a certificate. To address this, certificate authorities (CAs) must revoke compromised certificates and inform browsers to reject them.


What is a Certificate Revocation List (CRL)?

A Certificate Revocation List (CRL) is a structured data file maintained by CAs. It contains the serial numbers and revocation dates of certificates that have been revoked. Before accessing a website, the browser downloads and parses the CRL file to verify whether the certificate has been revoked.

With the widespread adoption of HTTPS, CRL files have grown significantly in size, leading to increased network overhead with each connection. As a result, CRLs face scalability challenges in modern web environments.


What is OCSP?

The Online Certificate Status Protocol (OCSP) provides a real-time method for checking the validity of a certificate. When users access a website via HTTPS, their browser queries an OCSP responder to verify the server’s certificate status.

Unlike CRLs, OCSP allows browsers to check the revocation status of a single certificate without downloading an entire list. However, OCSP has its own challenges:

  • Performance Issues: Browsers must make additional HTTP requests for each new HTTPS connection, adding latency.
  • Security Concerns: If the OCSP responder is unreachable or times out, most browsers fail open and treat the certificate as valid (a "soft-fail" check), so a revocation is hidden from any client whose OCSP query can be blocked.
  • Privacy Risks: Frequent OCSP queries can expose parts of users’ browsing history to third-party OCSP responders, compromising privacy.

What is OCSP Stapling?

OCSP Stapling is a technology that embeds OCSP responses directly into the TLS handshake process. Normally, when a client establishes an SSL/TLS connection, it must query the CA's OCSP responder to verify the certificate status. This adds latency and, because the check fails open, gives an on-path (man-in-the-middle) attacker the opportunity to suppress it.

With OCSP Stapling, the server proactively provides the latest OCSP response during the TLS handshake, eliminating the need for the client to contact the CA. This approach improves performance and enhances security. The server periodically retrieves the latest OCSP response from the CA and stores it locally. When a client initiates a connection, the server directly supplies the OCSP response to fulfill the certificate status check.


What is OCSP Must-Staple?

OCSP Must-Staple is a stricter security policy, signalled by a TLS Feature (status_request) extension that the CA places in the certificate itself (RFC 7633), requiring the server to staple a valid OCSP response on every TLS connection. If the server fails to do so, a client that honours the extension refuses the connection. This ensures that certificate status validation is always enforced, reducing potential vulnerabilities. Because the failure mode is now a hard failure, the server's stapling must be reliable: a stale cached response or an unreachable responder becomes an outage rather than a silently skipped check.
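As an added example (not from the SurferCloud post), the check a server operator would run after enabling stapling: it classifies the `-status` output of `openssl s_client` for a stapled response and inspects the certificate text for the Must-Staple extension, then flags the dangerous combination of Must-Staple without a staple. It assumes OpenSSL 1.1.1 or later is installed; the hostname passed to `check_server` is a placeholder.

```shell
#!/bin/sh
# Added example: verify OCSP stapling and Must-Staple on a live server.
# Assumes `openssl` (1.1.1+) is on PATH; the host argument is a placeholder.

# Read `openssl s_client -status` output on stdin and print "stapled" when a
# stapled OCSP response was delivered in the handshake, "missing" otherwise.
# OpenSSL prints "OCSP Response Status: successful (0x0)" for a good staple
# and "OCSP response: no response sent" when the server stapled nothing.
classify_staple() {
    if grep -q 'OCSP Response Status: successful'; then
        echo stapled
    else
        echo missing
    fi
}

# Read `openssl x509 -text` output on stdin and print "yes" when the
# certificate carries the RFC 7633 TLS Feature extension with status_request
# (Must-Staple). OpenSSL prints it as "TLS Feature:" followed by a line
# containing "status_request".
has_must_staple() {
    if grep -A1 'TLS Feature' | grep -q 'status_request'; then
        echo yes
    else
        echo no
    fi
}

# Connect to a server, report both facts, and fail (exit 1) on the risky
# combination: a Must-Staple certificate served without a staple, which
# clients that honour the extension will refuse.
# Usage: check_server example.com
check_server() {
    host="$1"
    out=$(openssl s_client -connect "$host:443" -servername "$host" -status \
          </dev/null 2>/dev/null)
    staple=$(printf '%s\n' "$out" | classify_staple)
    must=$(printf '%s\n' "$out" | openssl x509 -noout -text 2>/dev/null \
           | has_must_staple)
    echo "$host: staple=$staple must_staple=$must"
    if [ "$must" = yes ] && [ "$staple" = missing ]; then
        echo "WARNING: Must-Staple certificate served without an OCSP staple"
        return 1
    fi
    return 0
}
```

Run `check_server your.host` after reloading the web server; a non-zero exit means clients enforcing Must-Staple will reject the site until stapling is fixed.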

By implementing OCSP Stapling and OCSP Must-Staple, website owners can significantly enhance their web security. These technologies reduce certificate revocation check latency, protect user privacy, and ensure secure HTTPS connections, offering a safer browsing experience for all users.
