From 0636fdbc225dc8fc9d80589bebdb1c5eef9f0fba Mon Sep 17 00:00:00 2001
From: =?utf8?q?Elan=20Ruusam=C3=A4e?= <glen@delfi.ee>
Date: Tue, 6 Oct 2015 16:54:36 +0300
Subject: [PATCH 1/1] SSLUseStapling should not be enabled if using
 self-generated certs

---
 apache-mod_ssl.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index a9062f4..5fdfa7e 100644
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -76,7 +76,7 @@ SSLHonorCipherOrder on
 SSLCompression off
 
 # OCSP Stapling
-SSLUseStapling          on
+SSLUseStapling          off
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
@@ -93,6 +93,10 @@ SSLStaplingCache        shmcb:/var/cache/httpd/ocsp(128000)
 #   Enable/Disable SSL for this virtual host.
 SSLEngine on
 
+# Enable, if you have real ssl cert and want to cache OCSP
+# https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+SSLUseStapling          off
+
 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
 #   the certificate is encrypted, then you will be prompted for a
-- 
2.44.0