Try to make apache SSL stapling more robust
authorTom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
cookbooks/apache/templates/default/ssl.erb

index 17ee112..a703b04 100644 (file)
@@ -11,5 +11,7 @@ SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
 
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
+SSLStaplingErrorCacheTimeout 60
 SSLStaplingReturnResponderErrors off
+SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)