commit 0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba
Author: Elan Ruusamäe <[email protected]>
Date: Tue Oct 6 16:54:36 2015 +0300
SSLUseStapling should not be enabled if using self-generated certs
apache-mod_ssl.conf | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index a9062f4..5fdfa7e 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -76,7 +76,7 @@ SSLHonorCipherOrder on
SSLCompression off
# OCSP Stapling
-SSLUseStapling on
+SSLUseStapling off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000)
@@ -93,6 +93,10 @@ SSLStaplingCache shmcb:/var/cache/httpd/ocsp(128000)
# Enable/Disable SSL for this virtual host.
SSLEngine on
+# Enable, if you have real ssl cert and want to cache OCSP
+#
https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling off
+
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
