jct-ocsp-nonce-generation-enable

jct-ocsp-nonce-generation-enable = {yes|no}

Description

Determines whether WebSEAL generates a nonce as part of the OCSP request. Enabling this option can improve security by preventing replay attacks on WebSEAL but may cause an excessive load on an OCSP Responder appliance as the responder cannot use cached responses and must sign each response.

Options

Usage:

This stanza entry is optional.

Default: no

Example:

jct-ocsp-nonce-generation-enable = no

Parent topic: [junction] stanza