From f8e4f0ba7f1ba40882fd13113ff14e75137684ed Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Mon, 11 Aug 2025 17:20:25 +0100
Subject: [PATCH] Revert "apache: remove fragments of old SSL Stapling support"

This reverts commit 501977933a2755839ad84a7c4310c9ea174f76d3.
---
 cookbooks/apache/templates/default/ssl.erb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index 72ac3b857..6ddb01b90 100644
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -5,4 +5,11 @@ SSLProtocol All -SSLv2 -SSLv3
 SSLHonorCipherOrder On
 SSLCipherSuite <%= node[:ssl][:openssl_ciphers] %>
 
+SSLUseStapling off
+SSLStaplingResponderTimeout 5
+SSLStaplingErrorCacheTimeout 60
+SSLStaplingReturnResponderErrors off
+SSLStaplingFakeTryLater off
+SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
+
 Header always set Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" "expr=%{HTTPS} == 'on'"
-- 
2.39.5