主权项 |
1. A method comprising:
(a) receiving, by a device intermediary between a plurality of clients and one or more servers, while waiting a predetermined time period, a plurality of client certificates of the plurality of clients for a plurality of Secure Socket Layer (SSL) handshakes, each of the plurality of SSL handshakes between the device and a corresponding client of the plurality of clients, the plurality of clients communicating with the one or more servers via the device; (b) determining, by the device, that the received plurality of client certificates corresponds to a single certificate authority; (c) transmitting, by the device responsive to expiration of the predetermined time period and to the determination that the received plurality of client certificates corresponds to the single certificate authority, and while portions of each of the plurality of SSL handshakes are outstanding, a single request for the plurality of SSL handshakes to an Online Certificate Status Protocol (OCSP) responder to determine the status of each of the plurality of client certificates; (d) identifying, by the device, the status of each of the plurality of client certificates from a response received from the OCSP responder; and (e) determining, by the device responsive to the status, whether to establish a SSL connection for each of the SSL handshakes of the plurality of SSL handshakes. |