We are using Adopt OpenJDK 1.8. We want to enable OCSP Stapling on the server but it looks like it is introduced in OpenJDK 1.9. Does anyone know if there is any plan to backport OCSP Stapling in 1.8 as it is LTS release? Or are there any other option to enable it with Java 1.8. We do not want to upgrade the Java version.
Asked
Active
Viewed 284 times
0
-
1Just because Java 8 is a LTS release I would expect **not** to backport OCSP stapling as this may break existing applications. – Robert Jun 08 '21 at 15:20
-
1As long as your server does not make use of HTPS client authentication via certificate you could offload HTTPS handling/termination to an external server/proxy like nginx (run it as reverse proxy and let it handle the HTTPS connections which then get forwarded via localhost to your Java server). – Robert Jun 08 '21 at 15:28
-
It is the Enterprise application. Server authenticates the agents using certificates. We are introducing the revocation check in the existing infrastructure. So the solution of offloading the HTTPS connection to external server will not be feasible for us. – Ravindra12jan Jun 09 '21 at 04:10
-
The certificate handling is completely done by Java's JSSE library. Do we have any option to extend this functionality and introduce OCSP stapling? – Ravindra12jan Jun 09 '21 at 04:12