Safari 8 does not support OCSP stapling

Originator:pepi.zawodsky
Number:rdar://17589097 Date Originated:08-Jul-2014 03:05 PM
Status:Open Resolved:
Product:Safari Product Version:8.0 (10538.35.8)
Classification:Security Reproducible:Always
 
Summary:
Safari 8 does not support OCSP stapling

Steps to Reproduce:
Visit one of these sites to show the browser's capabilities:
https://www.ssllabs.com/ssltest/viewMyClient.html
http://howsmyssl.com/

Expected Results:
Any modern browser should support OCSP stapling to improve performance of TLS handshakes as well as gain better MITM detection with spoofed certificates.

Actual Results:
Safari 8 still does not support OCSP stapling.

Regression:
This likely applies to the underlying SecureTransport.framework's capabilities.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!