Comment by jrochkind1
4 years ago
> I agree that breaking system availability when an OCSP server isn't available is user-hostile and unnecessary.
Based on the OP tweet... depending on the way it is unavailable, the failure is indeed ignored in some cases. "Denying that connection fixes it, because OCSP is a soft failure (Disconnect internet also fixes.)"
So it may be an actual unintended bug that a particular failure path results in a DoS instead?
No comments yet
Contribute on Hacker News ↗