Hello! On Sun, Nov 08, 2015 at 04:16:14PM +0100, Joó Ádám wrote:
> Do we know if there’s any plan to support the signed certificate > timestamp TLS extension in Nginx? (There’s apparently a third party > module that implements the functionality: > https://github.com/grahamedgecombe/nginx-ct) No plans. > The TLS extension is the only method to implement Certificate > Transparency without the assistance of the CA, and starting with > January 1 2015 Chrome refuses to display the green bar for EV > certificates without Certificate Transparency. > > StartSSL is one CA that currently does not support other methods, > which means a lot of sites suffers from this. There are at lease some CAs that provide CT support without a need to submit a certificate to log servers yourself and use the signed_certificate_timestamp extension. Given that's all about EV certs, switching to a different CA is a solution to consider if a particular CA doesn't support CT. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
