From 3fd693994f6be14e2a818232a70a6232903ec403 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Sat, 11 Oct 2014 19:47:36 +0100
Subject: [PATCH 1/1] apache ssl: faster timeout on slow OCSP responses

---
 cookbooks/apache/templates/default/ssl.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 07f007c50..9f453858b 100644
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -9,6 +9,7 @@ SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
 <% if node[:lsb][:release].to_f >= 14.04 -%>
 
 SSLUseStapling On
+SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
 <% end -%>
-- 
2.43.2