Try to make apache SSL stapling more robust

author Tom Hughes <tom@compton.nu>

Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb

index 17ee112b6c9b5ee6915660aa0061794f71fc0809..a703b04c7a518c9e6e241315af11c86adc5033d9 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -11,5 +11,7 @@ SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
  
  SSLUseStapling On
  SSLStaplingResponderTimeout 5
+SSLStaplingErrorCacheTimeout 60
  SSLStaplingReturnResponderErrors off
+SSLStaplingFakeTryLater off
  SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
author	Tom Hughes <tom@compton.nu>
	Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 21 Mar 2017 12:43:17 +0000 (12:43 +0000)