3.11.36. TLS_OCSPStrict

This optional flag parameter defines whether the Online Certificate Status Protocol (OCSP) check must succeed. When the flag is set and the check does not succeed, the peer certificate is rejected.
When TLS_OCSPStrict is set, the certificate check must be successful in all phases. The following are examples of cases in which the certificate check fails when TLS_OCSPStrict is set:
  • TLS_OCSPURI is not set and the certificate does not contain an OCSP URI.
  • The OCSP responder is not responding.
  • The OCSP responder cannot be reached.