发明名称 |
Systems and methods for evaluating and prioritizing responses from multiple OCSP responders |
摘要 |
The present disclosure is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator. |
申请公布号 |
US9172545(B2) |
申请公布日期 |
2015.10.27 |
申请号 |
US201314132303 |
申请日期 |
2013.12.18 |
申请人 |
CITRIX SYSTEMS, INC. |
发明人 |
Edstrom Christofer;Kanekar Tushar |
分类号 |
H04L29/06;H04L9/32;H04L29/08 |
主分类号 |
H04L29/06 |
代理机构 |
Foley & Lardner LLP |
代理人 |
Foley & Lardner LLP ;McKenna Christopher J.;Pua Paul M. H. |
主权项 |
1. A method of determining a status of a client certificate from a plurality of client certificate statuses, the method comprising:
(a) receiving, by a device, a client certificate from a client during a Secure Socket Layer (SSL) handshake; (b) transmitting, by the device, a plurality of requests for a status of the client certificate to a plurality of servers, the device performing portions of the SSL handshake while waiting to determine a status of the client certificate; (c) receiving, by the device, a plurality of statuses of the client certificate via responses from the plurality of servers; and (d) determining, by the device from the plurality of statuses, the status of the client certificate to use for the SSL handshake. |
地址 |
Fort Lauderdale FL US |