# OCSP
Topics: [[TLS]]
**OCSP** (**Online Certificate Status Protocol**) is an internet protocol that checks the validity status of a [[TLS]] certificate in real time. It is an alternative to **CRL**s (**Certificate Revocation List**s). It is described in [RFC 2560](http://datatracker.ietf.org/doc/rfc2560/).
When a user makes an `https://` connection to a web server, their browser normally performs an OCSP check with the CA that issued the SSL certificate to confirm that the certificate has not been revoked. In some cases, this may create a momentary delay in the SSL handshake.
## OCSP stapling
OCSP stapling improves performance by caching a digitally signed and time-stamped version of the OCSP response directly on the web server. This stapled OCSP response is then refreshed at predefined intervals set by the CA. The stapled OCSP response allows the web server to include the OCSP response within the initial SSL handshake, without the need for the user to make a separate external connection to the CA.
OCSP Stapling improves the connection speed of the SSL handshake by combining two requests into one. This cuts down on the amount of time it takes to load an encrypted webpage (TTFB, "Time To First Byte").
Site visitors also gain a privacy advantage from OCSP stapling, as they no longer need to make a connection to the CA for the OCSP request. Instead of seeing which websites a user has visited, the CA sees only OCSP requests from the website, not from its users.