
I use stunnel to connect to my old "smart" switches from modern browsers. Here is a subset of the configuration for one of the switches.

    [switch1-frontend]
    sni = frontend:switch1.penurio.us
    CAfile = /etc/ipa/ca.crt
    cert = /etc/pki/tls/certs/stunnel/switch1.crt
    key = /tmp/keys/switch1.key
    connect = 127.255.255.254:8081

    [switch1-backend]
    client = yes
    accept = 127.255.255.254:8081
    connect = 172.31.4.1:443
    verifyChain = yes
    checkHost = switch1.penurio.us
    CAfile = /etc/ipa/ca.crt
    sslVersion = TLSv1
    ciphers = DHE-RSA-AES256-SHA
    options = ALLOW_UNSAFE_LEGACY_RENEGOTIATION
    securityLevel = 0
    OCSPrequire = no
    OCSPaia = no

Everything works, except that every connection produces a bright red warning in my log:

    OCSP: No OCSP stapling response received

I've read up on OCSP stapling, and this seems to mean that the switch isn't including an OCSP response in its TLS handshake. (Hardly surprising, given its age.)

How can I tell stunnel to not request/expect an OCSP response from the switch (or at least to not log the missing OCSP response as a warning)?

-- 
========================================================================
If your user interface is intuitive in retrospect ... it isn't intuitive
========================================================================