Christian Heimes added the comment: OCSP can prevent MITM attacks when the private server cert or CA cert got compromised or stolen somehow. ---------- _______________________________________ Python tracker <report at bugs.python.org> <http://bugs.python.org/issue17123> _______________________________________