Copyright © 1993, 2018, Oracle and/or its affiliates. All rights reserved.
This is a text description of the figure Client-driven OCSP.
The figure illustrates how client-driven OCSP fits into the TLS Handshake. The sequence is:
The client sends a ClientHello message with a status request extension to the server.
The server receives this message and processes it.
The server sends an OCSP request to the OCSP responder for this certificate.
The OCSP responder receives the request, then returns an OCSP response to the server.
The server sends a ServerHello message with a status request extension to the client.
The server sends a certificate message to the client.
The server sends a certificate status message to the client.
The server sends additional ServerHello messages, followed by a ServerHello done messages to the client.
The client validates the server certificate
The client checks the OCSP response in the certificate status message to determine if the certificate has been revoked.
The client and server complete the TLS handshake (this takes multiple additional messages).