Remove OCSP stapling
Looks like it was not actually working before and failing silently because ssl_trusted_certificate was not specified. Will need to revisit implementing this functionality so removing it for now to prevent the warnings logged by nginx now.
This commit is contained in:
parent
3c5843264e
commit
080a5157e6
2 changed files with 1 additions and 3 deletions
|
@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
|||
|
||||
The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables OCSP stapling, HSTS, and SSL
|
||||
Windows XP IE8, Android 2.3, Java 7. The configuration also enables HSTS, and SSL
|
||||
session caches.
|
||||
|
||||
The behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||
|
|
|
@ -96,8 +96,6 @@ server {
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
|
||||
ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
|
||||
|
|
Reference in a new issue