From 1ff9f08fc24e469b5b577b4f638eef19c46c0b62 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Tue, 22 Jul 2025 21:42:06 +0100
Subject: [PATCH] nginx: No longer enable OCSP stapling

---
 cookbooks/nginx/templates/default/nginx.conf.erb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cookbooks/nginx/templates/default/nginx.conf.erb b/cookbooks/nginx/templates/default/nginx.conf.erb
index 0d2387b2e..7a9f13691 100644
--- a/cookbooks/nginx/templates/default/nginx.conf.erb
+++ b/cookbooks/nginx/templates/default/nginx.conf.erb
@@ -40,10 +40,10 @@ http {
     ssl_session_cache shared:SSL:50m;
     ssl_session_timeout 30m;
 
-    ssl_stapling on;
+    ssl_stapling off;
 
     # Validate the stapling response is signed by a trusted certificate
-    ssl_stapling_verify on;
+    ssl_stapling_verify off;
     ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
-- 
2.39.5