Systems and methods for evaluating and prioritizing responses from multiple OCSP responders

摘要

The present disclosure is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.

主权项

1. A method of determining a status of a client certificate from a plurality of client certificate statuses, the method comprising:
(a) receiving, by a device, a client certificate from a client during a Secure Socket Layer (SSL) handshake; (b) transmitting, by the device, a plurality of requests for a status of the client certificate to a plurality of servers, the device performing portions of the SSL handshake while waiting to determine a status of the client certificate; (c) receiving, by the device, a plurality of statuses of the client certificate via responses from the plurality of servers; and (d) determining, by the device from the plurality of statuses, the status of the client certificate to use for the SSL handshake.