OCSP clock skew configuration
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue Sep 29 16:35:40 UTC 2015
Hi Usha, you might try setting the System property
com.sun.security.ocsp.clockSkew. It takes an integer value for the
clock skew in seconds. Give that a try and let me know how that works out.
--Jamil
On 09/29/2015 06:49 AM, Seshadri, Usha wrote:
>
> Hi,
>
> The following bug reports seems to indicate the OCSP validation code
> should permit clock skew when checking the validity of OCSP responses.
>
> 1.JDK-674888 (Bug - affected version 6u11)
>
> 2.JDK-2166696 (Backport – fixed version 6u10 (b32)
>
> 3.JDK-2186994 (Backport – fixed version OpenJDK6 (b18)
>
> 4.JDK-2166740 (Backport – fixed version 7 (b41))
>
> I am using Java8, and would expect it to have all the above fixes.
> Changing the value of “deployment.security.validation.clockskew” has
> no impact on the OCSP certification validation. The certificate
> validation always defaults to 15 minutes.
>
> What configurable property (and what file) controls the OCSP
> validation clock skew? Any answer will be greatly appreciated!
>
> Thanks,
>
> Usha Seshadri
>
> Lockheed Martin, IS&GS
>
> 301-240-7496
>
> LM-logo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150929/e2248a28/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3520 bytes
Desc: not available
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150929/e2248a28/attachment.jpe>
More information about the security-dev
mailing list