On 01.10.2015 at 14:53, Plüm, Rüdiger, Vodafone Group wrote:
-----Original Message-----
From: Reindl Harald [mailto:[email protected]]
The default for SSLStaplingReturnResponderErrors is relatively odd.
Not sure why it has always defaulted to "on" (r829619), but setting it
to off should save you further troubles with Firefox clients.

not really, I had the error message just now again in FF; the difference
was that now a "try again" loaded the page, but with
"SSLStaplingReturnResponderErrors" I would expect it to be invisible to
clients in general - GoDaddy seems to have massive problems with their
responders the last days, and the defaults with stapling enabled make
them a perfect DoS target

[Thu Oct 01 13:33:01.179365 2015] [ssl:error] [pid 19312] [client
10.0.0.99:37860] AH01980: bad response from OCSP server: (none)
[Thu Oct 01 13:33:01.179393 2015] [ssl:error] [pid 19312] AH01941:
stapling_renew_response: responder error

SSLStaplingCache shmcb:/var/cache/mod_ssl/ocsp_cache(1048576)
SSLStaplingStandardCacheTimeout 86400
SSLStaplingErrorCacheTimeout 300
SSLStaplingReturnResponderErrors Off

What happens if you set

SSLStaplingFakeTryLater off

in addition?

I added that now and will have a look over the server logs; it's not happening all the time but very often, so if the logs are clear within 24 hours the problem is likely solved

thanks!
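
Added example, not part of the original thread: one way to do the 24-hour log check described above, by counting the stapling errors AH01980 and AH01941 per hour in an Apache 2.4 error log. The function names and the sample lines are assumptions made for illustration; the first two sample lines are the thread's log excerpt with the mail line wrapping undone, the others are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache 2.4 error-log line: [time] [ssl:level] [pid N] optional [client ip:port] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:(?P<level>\w+)\] \[pid (?P<pid>\d+)\]"
    r"(?: \[client (?P<client>[^\]]+)\])? (?P<code>AH\d{5}): (?P<msg>.*)$"
)
STAPLING_CODES = {"AH01980", "AH01941"}  # the two codes seen in the thread's excerpt

# Sample input: lines 1-2 from the thread (unwrapped), lines 3-4 constructed.
SAMPLE_LOG = [
    "[Thu Oct 01 13:33:01.179365 2015] [ssl:error] [pid 19312] [client 10.0.0.99:37860] AH01980: bad response from OCSP server: (none)",
    "[Thu Oct 01 13:33:01.179393 2015] [ssl:error] [pid 19312] AH01941: stapling_renew_response: responder error",
    "[Thu Oct 01 14:05:12.000001 2015] [ssl:error] [pid 19312] AH01941: stapling_renew_response: responder error",
    "[Thu Oct 01 14:06:00.000002 2015] [core:notice] [pid 1] AH00094: Command line: '/usr/sbin/httpd'",
]

def parse_stapling_errors(lines):
    """Yield (timestamp, code, client) for each stapling error; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["code"] not in STAPLING_CODES:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        yield ts, m["code"], m["client"]

def errors_per_hour(lines):
    """Count stapling errors per (hour, code) so bursts of responder trouble stand out."""
    counts = Counter()
    for ts, code, _client in parse_stapling_errors(lines):
        counts[(ts.replace(minute=0, second=0, microsecond=0), code)] += 1
    return counts

def clear_since(lines, now, window=timedelta(hours=24)):
    """True if no stapling error was logged in the window ending at `now`."""
    return not any(now - window <= ts <= now for ts, _c, _cl in parse_stapling_errors(lines))

if __name__ == "__main__":
    for (hour, code), n in sorted(errors_per_hour(SAMPLE_LOG).items()):
        print(f"{hour:%Y-%m-%d %H}:00  {code}  {n}")
    print("clear for 24h:", clear_since(SAMPLE_LOG, datetime(2015, 10, 2, 15, 0)))
```

The timestamp parsing relies on English day and month abbreviations, so run it under the C or an English locale.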
