apache ssl: faster timeout on slow OCSP responses
authorGrant Slater <git@firefishy.com>
Sat, 11 Oct 2014 18:47:36 +0000 (19:47 +0100)
committerGrant Slater <git@firefishy.com>
Sat, 11 Oct 2014 18:47:36 +0000 (19:47 +0100)
cookbooks/apache/templates/default/ssl.erb

index 07f007c50d3951359f5129f9babbccee22a586a8..9f453858b12d4ed71be2ec2e06a062e822dc0fc1 100644 (file)
@@ -9,6 +9,7 @@ SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 <% if node[:lsb][:release].to_f >= 14.04 -%>
 
 SSLUseStapling On
+SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
 <% end -%>