On 29.09.2015 18:24, Reindl Harald wrote: > i just restarted the servers and disabled stapling since all our > servcies where unreachable (before i write the second mail 5 different > hosts with several sites where affected) > > in fact the error caching does more harm than benefits - IHMO a better > "could not reach OCSP server or received a error from it" caching would > be just temporary disable stapling for 10 minutes instead lead in > connections fail even from clients which have disabled OCSP completly > >>> firefox refused to open our adminpanel with the error below until i >>> restarted httpd
The default for SSLStaplingReturnResponderErrors is relatively odd. Not sure why it has always defaulted to "on" (r829619), but setting it to off should save you further troubles with Firefox clients. Kaspar
