Is it safe to deny access to OCSP with ESET checking certificates?

[javajava 0]

I'm really trying to limit what dials out and what doesn't, but I'm curious if ESET's "if the certificate is invalid or corrupt, block communication that uses certificate" is good enough, and it's safe to deny dialing out to OCSP. Primarily because OCSP doesn't use HTTPS as far as I know. Pretty sure it is HTTP. So I'd rather ESET take care of this. 

So I guess my question is, is ESET's ability to check the validity of certificates as powerful as OCSP, and is it safer to use ESET's instead?

Thanks.

[itman 1,659]

OCSP is a far more reliable way to verify certificate status than relying on CRLs.

The question you should be asking is if the AV vendors that perform SSL protocol scanning perform OCSP properly. There is plenty of web based comment on that issue.