1

How do I enable OCSP stapling on my FTPS server? Is it even possible with vsftpd or not?

Even if possible, would it be wise on an FTPS server? Isn't that only a web-thing?


Current result:

High-Tech Bridge > SSL/TLS Server Test > ftp.zalohovaniburian.cz:21

LinuxSecurityFreak

2 Answers

3

Is it even possible with vsftpd or not?

After looking at the documentation there is no way to configure OCSP stapling support in vsftpd.

Even if possible, would it be wise on an FTPS server? Isn't that only a web-thing?

OCSP stapling serves the OCSP response inside the TLS handshake. This makes sense for FTP too since this way the FTP client does not need to do an extra OCSP lookup (which costs performance and is more privacy-invasive). But, if any relevant FTP clients do an OCSP lookup in the first place is unknown to me; at least in the past many did even do proper certificate validations like validating the hostname.

StackzOfZtuff
Steffen Ullrich
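
One way to check from the client side whether an FTPS server staples an OCSP response in the TLS handshake, as an added example that is not part of the original answers: it runs `openssl s_client` with `-starttls ftp -status` and classifies the output. The function names, the constructed sample outputs and the placeholder host `ftp.example.com` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: does an explicit-FTPS server (AUTH TLS on port 21) staple OCSP?

# Constructed samples of what `openssl s_client -status` prints (abridged).
SAMPLE_NOT_STAPLED='CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain'
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================'

# Read s_client output on stdin and print one verdict:
# not-stapled | stapled-good | stapled-revoked | stapled-other | no-handshake
classify_stapling() {
  out=$(cat)
  if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
    echo not-stapled
  elif printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful'; then
    status=$(printf '%s\n' "$out" | sed -n 's/^ *Cert Status: *//p' | head -n 1)
    case "$status" in
      good)    echo stapled-good ;;
      revoked) echo stapled-revoked ;;
      *)       echo stapled-other ;;   # e.g. "unknown"
    esac
  elif printf '%s\n' "$out" | grep -q 'OCSP Response Status:'; then
    echo stapled-other                 # responder error such as tryLater
  else
    echo no-handshake                  # connection or STARTTLS failed
  fi
}

# Usage: check_ftps_stapling ftp.example.com [port]
check_ftps_stapling() {
  host=$1
  port=${2:-21}
  openssl s_client -connect "$host:$port" -starttls ftp \
    -servername "$host" -status </dev/null 2>/dev/null | classify_stapling
}

# Only touch the network when a host is given on the command line.
if [ -n "${1:-}" ]; then check_ftps_stapling "$@"; fi
```

A `not-stapled` verdict means the client would have to contact the OCSP responder itself to learn the revocation status.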
0

I am not sure whether vsftpd natively supports OCSP, but it surely is a good use case to have OCSP enabled for an SFTP server. I am probably guessing you already have a TLS certificate. How are you doing the revocation checks for now? Is it through CRLs?

H4X