OCSP Stapling; SSL with added speed and privacy

Using SSL on your site comes with certain overheads and one of those overheads is checking the revocation status of your SSL certificate. Whilst this particular overhead resides on the client side, rather than the server side, it still affects the performance of your site in the eyes of your visitors. OCSP stapling allows the host to shift this overhead to their server and dramatically reduce it in size at the same time. 

 

What is OCSP?

OCSP is the Online Certificate Status Protocol and is used to check the revocation status of X.509 digital certificates, or SSL certificates to you and I. When a browser is establishing a connection via HTTPS, there are several checks that it performs to ensure that everything is secure. The certificate presented by the server must be for the domain in question, signed by a trusted root certificate, or intermediates that trace back to a trusted root certificate, and it must not have expired. The final item on the check list is that the certificate hasn't been revoked. If a host has their private keys compromised, an attacker can use the certificate to impersonate them or to intercept and decrypt their traffic. A host can switch out the compromised certificate for a new one, but this won't stop an attacker from impersonating you, the certificate is still signed and valid, you can't take that back. Thus, the need for certificate revocation checks were born. Once the browser confirms all of the initial checks are complete, it will contact the Certificate Authority, the people who issued the certificate, and check that the certificate hasn't been revoked. This introduces a huge burden. Every time a client makes a secure connection to a site, the browser will need to contact the CA to check the revocation status of the certificate presented. If the CA issues certificates to some high traffic sites, that's going to be an awful lot of requests to handle. Not only this, but there are also some privacy concerns. If you want to visit any site using SSL, you need to contact the CA to check the revocation status of the certificate presented. The CA in question can build up a fairly accurate record of the sites you visit that they issue certificates for. Not so good.

 

What's the answer?

The answer to both of these issues is OCSP Stapling. Instead of depending on the client to check the revocation status of the certificate, you can shift the burden to the host server. At regular intervals, the host will contact the OCSP server and retrieve a timestamped OCSP response, signed by the CA. This response is then 'stapled' to the host certificate and sent to the client. The client can trust the stapled response because it only has a short validity and is signed by the trusted CA. This prevents the client having to do the DNS and TCP round trips to the CA for the revocation check and it means the host server can make a single request to the CA and staple the same response to all requests until it expires. Now, instead of every connecting client having to make the OCSP request, the host server makes a single request at regular intervals. This makes the connection faster for all of your visitors and only introduces a minimal overhead on both servers, the host and the CA.

 

Setting up OCSP stapling on nginx

I was quite surprised at just how easy it is to setup OCSP stapling on nginx.

http{
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/certificate/ssl.crt;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;

That's it! Those lines in your nginx.conf file are all that's needed to setup OCSP stapling. The ssl.crt file needs to contain all certificates right down to the root certificate and that's it. The resolvers listed are required because nginx needs to make external requests. You can use any you like, but for the example I've used Google DNS.

Once you have updated and reloaded your nginx config, you should be able to see OCSP stapling is enabled by performing a check on Qualys. Assuming all went well, your visitors will now see a reduction in the overheads of the SSL connection and I can't even find a measurable impact of enabling OCSP stapling on my server. All in all, it seems like a winner all round.

 

Scott.

Short URL: https://scotthel.me/ocsp

Author image
About Scott
Researcher, blogger and international speaker. I'm the creator of report-uri.io and securityheaders.io, free tools to help improve online security.