To use OCSP, the client accessing EFS must be able to reach the Amazon Certificate
Authority (CA). To maximize file system availability in the event that the CA is
not reachable from your VPC, the EFS mount helper no longer enables OCSP by default.

See here for more info:

https://aws.amazon.com/about-aws/whats-new/2019/07/configuration-update-for-amazon-efs-encryption-data-in-transit/