From 129346b86ffb1b91d933f73de5c0b65f30566107 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 20 Aug 2022 08:58:34 -0500 Subject: [PATCH] Disable OCSP stapling by default It causes warning with self signed certs --- root/defaults/nginx/ssl.conf.sample | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/root/defaults/nginx/ssl.conf.sample b/root/defaults/nginx/ssl.conf.sample index 3b0522d..f280c5b 100644 --- a/root/defaults/nginx/ssl.conf.sample +++ b/root/defaults/nginx/ssl.conf.sample @@ -22,11 +22,11 @@ ssl_prefer_server_ciphers off; #add_header Strict-Transport-Security "max-age=63072000" always; # OCSP stapling -ssl_stapling on; -ssl_stapling_verify on; +#ssl_stapling on; +#ssl_stapling_verify on; # verify chain of trust of OCSP response using Root CA and Intermediate certs -ssl_trusted_certificate /config/keys/cert.crt; +#ssl_trusted_certificate /config/keys/cert.crt; # Optional additional headers #add_header Cache-Control "no-transform" always;