From: Elan Ruusamäe <glen@delfi.ee>
Date: Tue, 6 Oct 2015 13:54:36 +0000 (+0300)
Subject: SSLUseStapling should not be enabled if using self-generated certs
X-Git-Tag: auto/th/apache-2.4.17-1~1
X-Git-Url: https://git.pld-linux.org/?a=commitdiff_plain;h=0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba;hp=72c3b9e2561a06fb80df1bae6de79db7296586f2;p=packages%2Fapache.git

SSLUseStapling should not be enabled if using self-generated certs
---

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index a9062f4..5fdfa7e 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -76,7 +76,7 @@ SSLHonorCipherOrder on
 SSLCompression off
 
 # OCSP Stapling
-SSLUseStapling          on
+SSLUseStapling          off
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
@@ -93,6 +93,10 @@ SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 
+# Enable, if you have real ssl cert and want to cache OCSP
+# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling          off
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a