From a3b4ffd4298ca27838b28f94344c10dd16b0568f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 8 Nov 2024 07:58:48 +0100 Subject: [PATCH] TODO: consider OCSP stapling by default Suggested-by: Nicolas F. Closes #15483 Closes #15521 --- docs/TODO | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/TODO b/docs/TODO index b8d1f41919..cdc9d5f9b4 100644 --- a/docs/TODO +++ b/docs/TODO @@ -113,6 +113,7 @@ 13.1 TLS-PSK with OpenSSL 13.2 TLS channel binding 13.3 Defeat TLS fingerprinting + 13.4 Consider OCSP stapling by default 13.5 Export session ids 13.6 Provide callback for cert verification 13.7 Less memory massaging with Schannel @@ -817,6 +818,14 @@ sometimes possible to circumvent TLS fingerprinting by servers. The TLS extension order is of course not the only way to fingerprint a client. +13.4 Consider OCSP stapling by default + + Treat a negative response a reason for aborting the connection. Since OCSP + stapling is presumed to get used much less in the future when Let's Encrypt + drops the OCSP support, the benefit of this might however be limited. + + https://github.com/curl/curl/issues/15483 + 13.5 Export session ids Add an interface to libcurl that enables "session IDs" to get -- 2.47.3
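Review bot: In the second hunk (the new "13.4 Consider OCSP stapling by default" section in docs/TODO), "Treat a negative response a reason for aborting the connection" is missing the word "as" and leaves "negative response" ambiguous: a stapled OCSP response with a "revoked" status and the absence of any staple at all are very different conditions, and only the first is a clear reason to abort, since most servers do not staple and treating a missing staple as fatal would fail most connections. Suggest "Treat a stapled response with a revoked status as a reason for aborting the connection" (or whatever the intended semantics are), so that a future implementer does not read this as "fail closed when no staple is present". The sentence about Let's Encrypt dropping OCSP support already notes the limited benefit, so a one-line pointer to the relevant issue is enough there.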