1251b34b5b
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.
The result can be tested with:
openssl s_client -connect web.example.com:443 -status 2> /dev/null
Without OCSP stapling, we get:
OCSP response: no response sent
After this change, we get:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Aug 30 20:46:00 2018 GMT
|
||
|---|---|---|
| .. | ||
| apache-httpd | ||
| hitch | ||
| jboss | ||
| lighttpd | ||
| nginx | ||
| phpfpm | ||
| varnish | ||
| caddy.nix | ||
| fcgiwrap.nix | ||
| hydron.nix | ||
| meguca.nix | ||
| mighttpd2.nix | ||
| minio.nix | ||
| shellinabox.nix | ||
| tomcat.nix | ||
| traefik.nix | ||
| uwsgi.nix | ||
| winstone.nix | ||
| zope2.nix | ||