Try to make apache SSL stapling more robust

author Tom Hughes <tom@compton.nu>

Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb

index 17ee112..a703b04 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -11,5 +11,7 @@ SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
  
  SSLUseStapling On
  SSLStaplingResponderTimeout 5
+SSLStaplingErrorCacheTimeout 60
  SSLStaplingReturnResponderErrors off
+SSLStaplingFakeTryLater off
  SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
author	Tom Hughes <tom@compton.nu>
	Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)