by darkhelmet 702 days ago
cough nginx. Nginx would start up and serve TLS on must-staple certs... before doing the staple setup. I.e., any client that validated that a must-staple cert had a stapled OCSP ticket would fail for the first few queries after nginx startup.

I don't know if they've fixed it yet. I doubt it though - they were pretty aggressive in their assertion that violating must-staple wasn't a concern.

3 comments

Well, this ticket is still open: https://trac.nginx.org/nginx/ticket/812
Yeah, I looked into nginx's stapling implementation almost a decade ago. I fixed some simpler bugs (I submitted a patch which was mostly rewritten and then merged) but fixing the problem you mention would have required major re-architecting. I doubt it has changed.
Apache as well, though mod_md improves on it significantly.
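The failure mode darkhelmet describes can be reproduced end to end without nginx. The Go program below is an added example, not code from the thread or from nginx: it mints a self-signed test certificate carrying the TLS Feature extension (OID 1.3.6.1.5.5.7.1.24, value `status_request` = 5, as RFC 7633 defines must-staple), starts a throwaway TLS server that presents it with and without a stapled OCSP response, and connects as a client that enforces must-staple. The host name `must-staple.example`, the helper names and the bytes used as the "staple" are constructed for the example; the staple bytes are a placeholder for a real DER OCSP response, since the point under test is only whether the server attached one at all, which is exactly what a freshly started nginx fails to do.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// oidTLSFeature is id-pe-tlsfeature from RFC 7633; feature value 5 is
// status_request, i.e. "OCSP must-staple".
var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}

// ErrMissingStaple is the verdict a must-staple-enforcing client reaches when
// the leaf demands a staple and the handshake carried none.
var ErrMissingStaple = errors.New("must-staple certificate served without an OCSP staple")

// mustStaple reports whether the leaf's TLS Feature extension lists status_request.
func mustStaple(leaf *x509.Certificate) (bool, error) {
	for _, ext := range leaf.Extensions {
		if !ext.Id.Equal(oidTLSFeature) {
			continue
		}
		var features []int // the extension value is a SEQUENCE OF INTEGER
		rest, err := asn1.Unmarshal(ext.Value, &features)
		if err != nil || len(rest) != 0 {
			return false, fmt.Errorf("malformed TLS Feature extension: %v", err)
		}
		for _, f := range features {
			if f == 5 {
				return true, nil
			}
		}
	}
	return false, nil
}

// verifyMustStaple is the client-side check: a leaf that asks for a staple
// must have arrived with one (Go exposes the stapled bytes as OCSPResponse).
func verifyMustStaple(cs tls.ConnectionState) error {
	if len(cs.PeerCertificates) == 0 {
		return errors.New("no peer certificate")
	}
	need, err := mustStaple(cs.PeerCertificates[0])
	if err != nil {
		return err
	}
	if need && len(cs.OCSPResponse) == 0 {
		return ErrMissingStaple
	}
	return nil
}

// newMustStapleCert builds a self-signed leaf with the must-staple extension
// (constructed test material, not a real CA-issued certificate).
func newMustStapleCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	featureDER, err := asn1.Marshal([]int{5}) // SEQUENCE { INTEGER 5 }
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "must-staple.example"},
		DNSNames:        []string{"must-staple.example"},
		NotBefore:       time.Now().Add(-time.Hour),
		NotAfter:        time.Now().Add(time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		ExtraExtensions: []pkix.Extension{{Id: oidTLSFeature, Value: featureDER}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// probe serves cert on a loopback listener, attaching staple (if non-empty) the
// way a server that has finished its OCSP fetch would, then connects as an
// enforcing client and returns that client's verdict.
func probe(cert tls.Certificate, staple []byte) error {
	cert.OCSPStaple = staple // nil models nginx before its first OCSP fetch
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		if tc, ok := c.(*tls.Conn); ok {
			tc.Handshake()
		}
		c.Close()
	}()
	// The leaf is self-signed, so chain verification is skipped here; only the
	// staple check is under test. Do not do this against real servers.
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		ServerName:         "must-staple.example",
		InsecureSkipVerify: true,
	})
	if err != nil {
		return err
	}
	defer conn.Close()
	return verifyMustStaple(conn.ConnectionState())
}

func main() {
	cert, err := newMustStapleCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("server before staple setup:", probe(cert, nil))
	fmt.Println("server after staple setup: ", probe(cert, []byte("constructed-ocsp-response")))
}
```

The first `probe` call is the window darkhelmet describes: the certificate says "must staple", the server presents nothing, and an enforcing client refuses. The second call shows the same certificate succeeding once a staple is attached. A real deployment check would replace the placeholder bytes with the DER OCSP response the server actually fetched and verify its signature and validity window as well.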