(May 22) Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More…]
(May 23) The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having [More…]
(May 23) Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input [More…]
New check has been added:
– Add warning that Mailman specific settings set up through Mailman admin interface or un-approved messages in moderated lists will be lost during migration
| Rank | Company site | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
| 1 | ocsp.starfieldtech.com | Linux | 0:00:00 | 0.013 | 0.111 | 0.023 | 0.043 | 0.043 |
| 2 | ocsp.trendmicro.com/tmca | Citrix Netscaler | 0:00:00 | 0.019 | 0.043 | 0.099 | 0.200 | 0.200 |
| 3 | ocsp.entrust.net | Linux | 0:00:00 | 0.022 | 0.251 | 0.014 | 0.249 | 0.249 |
| 4 | ocsp.godaddy.com | Linux | 0:00:00 | 0.022 | 0.164 | 0.021 | 0.041 | 0.041 |
| 5 | ocsp.digicert.com | Linux | 0:00:00 | 0.022 | 0.027 | 0.026 | 0.051 | 0.051 |
| 6 | ocsp.quovadisglobal.com | Windows Server 2003 | 0:00:00 | 0.032 | 0.021 | 0.116 | 0.222 | 0.222 |
| 7 | ocsp.verisign.com | Citrix Netscaler | 0:00:00 | 0.038 | 0.050 | 0.084 | 0.168 | 0.168 |
| 8 | evsecure-ocsp.verisign.com | Citrix Netscaler | 0:00:00 | 0.041 | 0.239 | 0.085 | 0.168 | 0.168 |
| 9 | ocsp.thawte.com | Citrix Netscaler | 0:00:00 | 0.044 | 0.041 | 0.083 | 0.165 | 0.165 |
| 10 | ocsp.startssl.com/sub/class4/server/ca | Linux | 0:00:00 | 0.047 | 0.086 | 0.011 | 0.041 | 0.041 |
Starfield Technologies had the most reliable OCSP responder during April, failing to respond to only 4 of Netcraft’s OCSP requests. Starfield also had the most reliable responder in March, but showed a slight improvement to its average connection times in April. Starfield was founded as the technology and research branch of Go Daddy in 2003, and Go Daddy customers can choose to have their SSL certificates issued by either Starfield or Go Daddy.
Trend Micro had the second most reliable OCSP responder, which failed to respond to only 6 requests. However, this could be one of the survey’s least busy responders: Netcraft’s April 2013 SSL Survey discovered only 113 valid SSL certificates issued by Trend Micro, all of which are organisation validated. 29 of these certificates are used by a single organisation, Florida Hospital.
StartCom (which operates StartSSL) once again exhibited the fastest connection times, taking only a hundredth of a second to establish a TCP connection for one of its OCSP URLs. However, its reliability was only just good enough to make it into the top ten — in total, 15 requests to
http://ocsp.startssl.com/sub/class4/server/ca failed during April.
Linux is the most popular choice of operating system on which to run an OCSP responder, and it certainly seems to perform well with regard to connection times: all of the top 25 fastest OCSP responders used Linux in April. In terms of failed requests, though, the distribution of Citrix Netscaler appliances is skewed towards the more reliable end of the spectrum — of the five responders that were using Netscaler, four of them feature in the top ten. QuoVadis’s OCSP responder, which was sixth most reliable in April, is one of only two responders that ran on Windows.
On April 24, nginx 1.4.0 stable was released, incorporating several new features that had previously only been released in development branches of the web server. One of the most important performance features is that nginx now support OCSP stapling. This feature is designed to improve performance by allowing secure websites to "staple" a cached OCSP response to the TLS handshake, removing the need for the client browser to make a second, separate connection to the certificate authority’s OCSP responder.
The Online Certificate Status Protocol (OCSP) is an alternative method to Certificate Revocation Lists (CRLs) for obtaining the revocation status of an individual SSL certificate. Fast and reliable OCSP responders are essential for both Certificate Authorities (CAs) and their customers — a slow OCSP response will introduce an additional delay before many browsers can start sending and receiving encrypted traffic over an HTTPS connection.
59 queries. 8.75 mb Memory usage. 1.486 seconds.