https://bz.apache.org/bugzilla/show_bug.cgi?id=57121
--- Comment #6 from Björn Jacke <[email protected]> --- Apache with mod_ssl and ocsp is only reliably usable if you change some settings similar like this: SSLUseStapling on SSLOCSPProxyURL http://your.proxy.if.you.have.one:3128/ SSLStaplingResponderTimeout 4 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) SSLStaplingStandardCacheTimeout 172800 SSLStaplingErrorCacheTimeout 60 As you can see this is a know problem since more than 5 years and would be simple to fix with different default values. What I can recommend to you instead: Just stop using mod_ssl in Apache and use for examle HAProxy as reverse proxy which does TLS termination also. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
