must-staple

RU: must-staple

OCSP Must-Staple (RFC 7633): an X.509 v3 certificate extension that requires the TLS server to include a stapled OCSP response in the handshake. If no valid stapled response is present the client must reject the connection, closing the soft-fail loophole where browsers silently accept certificates without a revocation check.