On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write-up what I think the requirements are for OCSP stapling support.
Support for keeping a long-lived (disk) cache of OCSP responses.
This should be fairly simple. Any restarting of the service shouldn't blow away previous responses that were obtained. This doesn't need to be disk, just stable - and disk is an easy stable storage for most server
| """ Inspired by http://flask.pocoo.org/snippets/40/ """ | |
| app = Flask(__name__) | |
| @app.url_defaults | |
| def hashed_url_for_static_file(endpoint, values): | |
| if 'static' == endpoint or endpoint.endswith('.static'): | |
| filename = values.get('filename') | |
| if filename: | |
| if '.' in endpoint: # has higher priority |
| #!/usr/bin/env python2 | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| # Modifed to send heartbeat requests for both TLS v1.1 and v1.2 | |
| import sys | |
| import struct | |
| import socket |
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| import sys | |
| import struct | |
| import socket | |
| import time | |
| import select |
| #!/usr/bin/env bash | |
| DOMAIN=$1 | |
| if [ -z "$DOMAIN" ]; then | |
| echo -n 'Enter root domain (no www): ' | |
| read input_d | |
| DOMAIN=$input_d | |
| fi |
| Tynt = window.Tynt || []; | |
| if (typeof Tynt.TIL == "undefined") { | |
| (function() { | |
| var Ja = function() { | |
| var h = document, | |
| l = h.body, | |
| p = h.documentElement, | |
| aa = eval("/*@cc_on!@*/false"), | |
| ba = function(a, b) { |
