javajava 0 Posted September 21, 2018

I'm really trying to limit what dials out and what doesn't, but I'm curious if ESET's "if the certificate is invalid or corrupt, block communication that uses certificate" is good enough, and it's safe to deny dialing out to OCSP. Primarily because OCSP doesn't use HTTPS as far as I know. Pretty sure it is HTTP. So I'd rather ESET take care of this. So I guess my question is, is ESET's ability to check the validity of certificates as powerful as OCSP, and is it safer to use ESET's instead?

Thanks.

itman 1,538 Posted September 22, 2018

OCSP is a far more reliable way to verify certificate status than relying on CRLs.

The question you should be asking is if the AV vendors that perform SSL protocol scanning perform OCSP properly. There is plenty of web based comment on that issue.