From: Grant Slater <git@firefishy.com>
Date: Sat, 11 Oct 2014 18:47:36 +0000 (+0100)
Subject: apache ssl: faster timeout on slow OCSP responses
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/3fd693994f6be14e2a818232a70a6232903ec403?hp=55f07b266707be40843e951f5811e0de82b50fb5

apache ssl: faster timeout on slow OCSP responses
---

diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 07f007c50..9f453858b 100644
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -9,6 +9,7 @@ SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 <% if node[:lsb][:release].to_f >= 14.04 -%>
 
 SSLUseStapling On
+SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
 <% end -%>