From: Daniel Stenberg Date: Fri, 8 Nov 2024 06:58:48 +0000 (+0100) Subject: TODO: consider OCSP stapling by default X-Git-Tag: curl-8_11_1~108 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3b4ffd4298ca27838b28f94344c10dd16b0568f;p=thirdparty%2Fcurl.git TODO: consider OCSP stapling by default Suggested-by: Nicolas F. Closes #15483 Closes #15521 --- diff --git a/docs/TODO b/docs/TODO index b8d1f41919..cdc9d5f9b4 100644 --- a/docs/TODO +++ b/docs/TODO @@ -113,6 +113,7 @@ 13.1 TLS-PSK with OpenSSL 13.2 TLS channel binding 13.3 Defeat TLS fingerprinting + 13.4 Consider OCSP stapling by default 13.5 Export session ids 13.6 Provide callback for cert verification 13.7 Less memory massaging with Schannel @@ -817,6 +818,14 @@ sometimes possible to circumvent TLS fingerprinting by servers. The TLS extension order is of course not the only way to fingerprint a client. +13.4 Consider OCSP stapling by default + + Treat a negative response a reason for aborting the connection. Since OCSP + stapling is presumed to get used much less in the future when Let's Encrypt + drops the OCSP support, the benefit of this might however be limited. + + https://github.com/curl/curl/issues/15483 + 13.5 Export session ids Add an interface to libcurl that enables "session IDs" to get
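Review bot: In the new 13.4 body, "Treat a negative response a reason for aborting the connection" is missing "as", and it leaves "negative response" undefined. It can be read as a stapled OCSP response that reports the certificate as revoked, or as a server that sends no stapled response at all. The two have very different consequences for servers that do not staple. Suggest "Treat a negative response as a reason for aborting the connection", plus one sentence saying which case the proposed default would cover and what happens when no stapled response is present. The body also opens directly with the failure handling. A short first sentence saying that the idea is to request and check the stapled response without the user asking for it would let the entry stand on its own, as the title does in the index.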