Jump to content

Is it safe to deny access to OCSP with ESET checking certificates?

Recommended Posts

I'm really trying to limit what dials out and what doesn't, but I'm curious if ESET's "if the certificate is invalid or corrupt, block communication that uses certificate" is good enough, and it's safe to deny dialing out to OCSP. Primarily because OCSP doesn't use HTTPS as far as I know. Pretty sure it is HTTP. So I'd rather ESET take care of this. 

So I guess my question is, is ESET's ability to check the validity of certificates as powerful as OCSP, and is it safer to use ESET's instead?


Link to comment
Share on other sites

OCSP is a far more reliable way to verify certificate status than relying on CRLs.

The question you should be asking is if the AV vendors that perform SSL protocol scanning perform OCSP properly. There is plenty of web based comment on that issue.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...