Remove OCSP stapling
Looks like it was not actually working before and failing silently because ssl_trusted_certificate was not specified. Will need to revisit implementing this functionality so removing it for now to prevent the warnings logged by nginx now.
This commit is contained in:
Jason Wilder
parent
3c5843264e
commit
080a5157e6
2 changed files with 1 additions and 3 deletions
|
|
@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
||||||
|
|
||||||
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL
|
Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
|
||||||
session caches.
|
session caches.
|
||||||
|
|
||||||
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||||
|
|
|
||||||
|
|
@ -96,8 +96,6 @@ server {
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_timeout 5m;
|
ssl_session_timeout 5m;
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||||
|
|
|
||||||
Reference in a new issue