- Sub-task
- Resolution: Delivered
- P4
- 17.0.15-oracle, 21.0.7-oracle, 22.0.2, 23
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8329863 | 22.0.2 | Marc Palmerjohnson | P4 | Resolved | Delivered | |
JDK 17 introduced a performance improvement that made OCSP clients unconditionally use GET for small requests and POST for everything else. This is explicitly allowed and recommended by RFC 5019 and RFC 6960. However, we have seen OCSP responders that, despite the RFC requirements, do not work well with GET requests.
This release introduces a new JDK system property that allows clients to fall back to POST-only behavior. This unblocks interactions with those OCSP responders through the use of `-Dcom.sun.security.ocsp.useget={false,true}`. This amends the original change that introduced GET OCSP requests (JDK-8179503). The default behavior is not changed; the option defaults to `true`. Set the option to `false` to disable GET OCSP requests. Any value other than `false` (case-insensitive) defaults to `true`.
This option is non-standard, and might go away once problematic OCSP responders get upgraded.
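The sketch below models what changes on the wire when the property is set. It is an added example, not code from the JDK or from this release note. The GET URL encoding (RFC 6960 Appendix A.1) and the 255-byte cut-off (RFC 5019 section 5) come from the RFCs rather than this page, and the class name, responder URL and request bytes are constructed for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Added illustration: a model of the transport choice, not the JDK's OCSP client code.
public class OcspTransportModel {

    // RFC 5019 section 5: GET is for requests of at most 255 bytes after encoding.
    // Assumption: used here to stand in for the release note's "small requests".
    static final int RFC5019_GET_LIMIT = 255;

    // What goes on the wire for one OCSP request.
    record HttpRequest(String method, String target, String contentType, byte[] body) {}

    // Release-note rule: only "false" (any case) disables GET; unset or any other value means true.
    static boolean useGet(String propertyValue) {
        return !"false".equalsIgnoreCase(propertyValue);
    }

    // RFC 6960 Appendix A.1: {url}/{url-encoding of base-64 encoding of the DER OCSPRequest}.
    static String getTarget(URI responder, byte[] derRequest) {
        String b64 = Base64.getEncoder().encodeToString(derRequest);
        return responder + "/" + URLEncoder.encode(b64, StandardCharsets.UTF_8);
    }

    static HttpRequest build(URI responder, byte[] derRequest, boolean useGet) {
        String target = getTarget(responder, derRequest);
        if (useGet && target.length() <= RFC5019_GET_LIMIT) {
            return new HttpRequest("GET", target, null, new byte[0]);
        }
        // POST sends the raw DER as the body, so nothing request-specific appears in the URL.
        return new HttpRequest("POST", responder.toString(), "application/ocsp-request", derRequest);
    }

    public static void main(String[] args) {
        URI responder = URI.create("http://ocsp.example.test"); // constructed responder URL
        byte[] small = new byte[60];   // constructed stand-ins for DER OCSPRequest bytes,
        byte[] large = new byte[300];  // filled so the Base64 text contains '+' and '/'
        Arrays.fill(small, (byte) 0xFB);
        Arrays.fill(large, (byte) 0xFB);
        boolean useGet = useGet(System.getProperty("com.sun.security.ocsp.useget"));
        for (byte[] req : new byte[][] {small, large}) {
            HttpRequest r = build(responder, req, useGet);
            System.out.printf("%d bytes -> %s %s%n", req.length, r.method(), r.target());
        }
    }
}
```

Running it with `java -Dcom.sun.security.ocsp.useget=false OcspTransportModel.java` switches the small request from GET to POST; the large one is POST either way.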
- backported by
- JDK-8329863 Release Note: Fallback Option For POST-only OCSP Requests
- Resolved