OCSP Stapling

Hey Guys,

I am getting a bit out of my comfort zone here so I hope somebody has the information I need regarding OCSP Stapling.

I am on a shared hosting environment using Windows and ColdFusion. According to sslLabs.com, OCSP Stapling is not an enabled protocol. I would love to have this enabled as I hear it cuts back SSL negotiation times drastically.

Is this something that I can change in a web.config file or is this something that must be done on the server level using IIS?

Thanks for any information!

Travis Walters

Hey There,

So apparently my hosting service will not enable OCSP Stapling or disable insecure ciphers that are not supposed to be used with SSL certificates, and leaves a lot to be desired when it comes to their support team in my opinion; they say that it will impact all users on the shared server - but how is that a bad thing?

I need some sort of new ColdFusion hosting that supports OCSP Stapling and takes security concerns to a new level as far as support and configuration goes. Eventually, we plan to move to a dedicated server, but are willing to look at shared and VPS solutions. It sort of bugs me that they support the RC4 cipher; having that enabled along with having an SSL certificate gives my users a false sense of security. If anything were to happen to those users, I might even be liable to be sued? The hosting solution would have to work well with a CDN plan - I know that much. I am not sure how SSL certs work with CDNs.

I am not sure if this is the right type of forum to ask about hosting, but it does concern page speed to an extent as far as stapling is concerned. Maybe even having SSL certificates more secure would affect page speed. I hear those RC4 ciphers are supposed to be better for performance but the security leaves a lot to be desired.

Travis Walters