support of OCSP-Staling/MUST STAPLE means improved security for NGINX as it passes Apache as the server of choice among top sites on the Internet.
Beginning with the . The use of OCSP-Stapling, means that the growing number of top sites on the Internet using NGINX will take advantage of security enhancements added on top of SSL encryption.
New initiatives supported by are designed to improve online data security. Adding OCSP Stapling/MUST STAPLE, Certificate Authority Authorization (CAA), or taking advantage of Google's Certificate Transparency (CT), will helpimprove privacy, reliability and validitychecking for sites on the Internet.
“We have been continuously working on enhancements to NGINX that increase performance, reliability and security. With improved SSL functionality we expect the vast majority of our customers to share our enthusiasm for increased safety on the Internet.” -Igor Sysoev CTO and principal architect at NGINX
OCSP offers real-timestatus information used to confirmthat an SSL Certificate on a website is valid. OCSP acts as an authoritative answer for certificate trust without relying on cached information, and is popular alternative to revocation lists.
OCSP-Stapling takes basic OCSP to the next level of trust by allowing theorganization usingthe SSL Certificate, to respondto the browser's OCSP request instead relying solely on Certificate Authority.
NGINX has the reputation of being an ultra fast and reliable web server. Nearly 40% of top 1000 traffic sites on the Internet use the NGINX web server and it's increasingly becoming a popular web serverof choice for administrators.