Is there any security benefit to OCSP stapling or is it purely for performance?
Is the performance benefit appreciable, or will it go relatively un-noticed?
No, there is virtually no performance hit to your own server for implementing OCSP Stapling. Your server will update the revocation status every 15 minutes or so, which involves one HTTP transaction to the OCSP Responder.
Most browsers do not implement any kind of public CRL because CRL doesn't scale. Indeed, that's why OCSP was proposed to replace it. Some browsers have a private internal CRL for well-known dangerous or exploited revoked certificates, but an ordinary small website owner cannot really get a revoked certificate added to that internal list.
Yes, I have implemented OCSP Stapling on some servers that I manage (Qualys SSL Labs - Projects / SSL Server Test / thedanzone.net). The only difficulty is getting the web server set up to properly serve stapled OCSP. This varies from web server to web server, so you'll have to refer to their documentation.
OCSP Stapling is purely a performance enhancement in theory. However, in practice, it does indeed improve security.
Online Certificate Status Protocol (OCSP) is a mechanism where a client browser can check a 3rd-party server to verify that a particular certificate is not revoked. This does indeed improve security, since the client browser will not show the secure content if the certificate comes back revoked. But because checking for revocation involves a second HTTP transaction to the certificate revocation server (termed the OCSP Responder), some browsers do not implement OCSP because of this performance hit (notably Google Chrome). There is also a privacy implication in that the browser is now telling a 3rd-party what site you're visiting because it has to ask the OCSP Responder for the revocation status.
OCSP Stapling gets around both the performance impact and the privacy issue by letting the original web server periodically query the OCSP Responder itself, and then serve clients both its own certificate as well as the proof from the OCSP Responder that the certificate isn't revoked. (i.e. the proof of non-revocation is "stapled" to the original certificate when sent to the client). Because this removes the performance hit for the client and the privacy issue, browsers are more likely to implement support for OCSP Stapling rather than just OCSP, thus it indirectly helps in security.
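The exchange the answer above describes, as an added example that is not part of the original thread: a self-contained Python model of one OCSP round trip (request, signed response, and the checks a client should run on a stapled response), plus the failure modes a stapling server can cause (a stale staple, or a response for a different certificate). Everything is constructed in-process: a toy CA, leaf certificates for the hypothetical hosts `www.example.test` and `other.example.test`, and an OCSP response signed directly by the CA key (real CAs usually sign with a delegated responder certificate). It needs the `cryptography` package and never contacts a real responder.

```python
"""Model of an OCSP request/response and client-side checks on a stapled response.

Added example, not code from the original thread. All key material is generated
here (toy CA, hypothetical hostnames); it requires the `cryptography` package.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

DER = serialization.Encoding.DER
STAPLE_TTL = datetime.timedelta(days=7)  # responders typically vouch for days, not minutes


def utcnow():
    return datetime.datetime.now(datetime.timezone.utc)


def _cert(subject, issuer, pubkey, signer, days, ca=False):
    """Shared certificate builder for the toy CA and its leaves (constructed test material)."""
    b = (x509.CertificateBuilder()
         .subject_name(subject).issuer_name(issuer).public_key(pubkey)
         .serial_number(x509.random_serial_number())
         .not_valid_before(utcnow() - datetime.timedelta(days=1))
         .not_valid_after(utcnow() + datetime.timedelta(days=days)))
    if ca:
        b = b.add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
    return b.sign(signer, hashes.SHA256())


def make_ca():
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    return key, _cert(name, name, key.public_key(), key, 365, ca=True)


def issue_leaf(ca_key, ca_cert, hostname):
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    return _cert(name, ca_cert.subject, key.public_key(), ca_key, 90)


def build_request(leaf, issuer):
    """Step 1: the asking party (browser, or the stapling web server) identifies the
    certificate by issuer hashes + serial. This is the query that leaks browsing to the CA."""
    req = ocsp.OCSPRequestBuilder().add_certificate(leaf, issuer, hashes.SHA1()).build()
    return req.public_bytes(DER)


def responder_answer(request_der, leaf, issuer, issuer_key, status=ocsp.OCSPCertStatus.GOOD):
    """Step 2: the CA's responder signs a dated status for the requested serial.
    Assumption for brevity: the CA key signs directly instead of a delegated responder cert."""
    req = ocsp.load_der_ocsp_request(request_der)
    if req.serial_number != leaf.serial_number:
        raise ValueError("unknown serial")
    now, revoked = utcnow(), status is ocsp.OCSPCertStatus.REVOKED
    resp = (ocsp.OCSPResponseBuilder()
            .add_response(cert=leaf, issuer=issuer, algorithm=hashes.SHA1(), cert_status=status,
                          this_update=now, next_update=now + STAPLE_TTL,
                          revocation_time=now if revoked else None, revocation_reason=None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, issuer)
            .sign(issuer_key, hashes.SHA256()))
    return resp.public_bytes(DER)  # this DER blob is what the web server staples


def _aware(resp, field):
    """Prefer the tz-aware *_utc accessors (cryptography >= 43), else adapt the naive ones."""
    if hasattr(type(resp), field + "_utc"):
        return getattr(resp, field + "_utc")
    val = getattr(resp, field)
    return None if val is None else val.replace(tzinfo=datetime.timezone.utc)


def check_staple(staple_der, leaf, issuer, now=None):
    """Step 3: what a client must verify before trusting a stapled response.
    The web server can only relay or replay a response; it cannot forge one."""
    now = now or utcnow()
    resp = ocsp.load_der_ocsp_response(staple_der)
    if resp.response_status is not ocsp.OCSPResponseStatus.SUCCESSFUL:
        return False, "responder error"
    try:  # signature must verify under the issuer (or its delegated responder) key
        issuer.public_key().verify(resp.signature, resp.tbs_response_bytes,
                                   padding.PKCS1v15(), resp.signature_hash_algorithm)
    except Exception:
        return False, "bad signature"
    if resp.serial_number != leaf.serial_number:
        return False, "response is for a different certificate"
    next_update = _aware(resp, "next_update")
    if next_update is not None and now > next_update:
        return False, "stale staple"  # server failed to refresh; treat as if nothing was stapled
    if _aware(resp, "this_update") > now + datetime.timedelta(minutes=5):
        return False, "not yet valid"
    if resp.certificate_status is ocsp.OCSPCertStatus.GOOD:
        return True, "good"
    return False, resp.certificate_status.name.lower()


def run_demo():
    """Round trip as the stapling server does it, then the client checks and failure modes."""
    ca_key, ca_cert = make_ca()
    leaf = issue_leaf(ca_key, ca_cert, "www.example.test")      # hypothetical host
    other = issue_leaf(ca_key, ca_cert, "other.example.test")   # hypothetical host
    req = build_request(leaf, ca_cert)
    good = responder_answer(req, leaf, ca_cert, ca_key)
    revoked = responder_answer(req, leaf, ca_cert, ca_key, ocsp.OCSPCertStatus.REVOKED)
    late = utcnow() + STAPLE_TTL + datetime.timedelta(days=1)
    return {"good": check_staple(good, leaf, ca_cert),
            "revoked": check_staple(revoked, leaf, ca_cert),
            "stale": check_staple(good, leaf, ca_cert, now=late),
            "wrong_cert": check_staple(good, other, ca_cert)}


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:10s} accept={ok} ({why})")
```

The "stale" case is the operational pitfall of stapling: the response carries its own validity window, so a server whose refresh job dies keeps stapling an expired proof, and a well-behaved client then falls back to treating the certificate as unverified rather than trusting the stale blob.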
Ok great, that is some really useful information.
Will there be an extra performance hit on our own server if we use OCSP stapling?
If a browser can't use OCSP, will it automatically use CRL instead? Or do a lot of browsers not check either?
From what you are saying, it sounds as if OCSP stapling will be beneficial both from a performance and security aspect - so seems like a no brainer! Are there any pitfalls for me to be aware of?
Thanks a lot for your reply again Dan. I have become quite obsessed with optimising both the security and speed of the website - as it is both beneficial for our users and a bit of a challenge!
Having said that, I am on Apache 2.2.15 so it seems like I might be out of luck for now as OCSP stapling is not available!
Hopefully SPDY setup will be a little easier.