Configuring OCSP Stapling on BIG-IP
Published Jan 26, 2016
Version 1.0Was this article helpful?
We haven't looked at it for a while, but I think we ended up determining that the F5 was caching a bad or failed OSCP response which upset Firefox. This was on version 12. I also kind of lost interest when I realised that OSCP stapling doesn't support the chain certificate anyway, so it won't eliminate the delay, only halve it. That coupled with the risk of denying access to the site it's supposed to speed up, I found it pretty disappointing overall and there doesn't seem to be any activity towards adding support for stapling chain certs since draft was raised 6 years ago... https://bugzilla.mozilla.org/show_bug.cgi?id=611836