[packages/apache] SSLUseStapling should not be enabled if using self-generated certs
glen
glen at pld-linux.org
Tue Oct 6 15:54:48 CEST 2015
commit 0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Oct 6 16:54:36 2015 +0300
SSLUseStapling should not be enabled if using self-generated certs
apache-mod_ssl.conf | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index a9062f4..5fdfa7e 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -76,7 +76,7 @@ SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling
-SSLUseStapling on
+SSLUseStapling off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000)
@@ -93,6 +93,10 @@ SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000)
# Enable/Disable SSL for this virtual host.
SSLEngine on
+# Enable, if you have real ssl cert and want to cache OCSP
+# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling off
+
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba
More information about the pld-cvs-commit
mailing list